Add auto_regenerate option to CacheSessionPersistence

Signed-off-by: Michal Izewski <[email protected]>

docs/book/v1/manual.md

@@ -36,7 +36,10 @@ The following details the constructor of the `Mezzio\Session\Cache\CacheSessionP
  * @param string $cookieSameSite The same-site rule to apply to the persisted
  *    cookie. Options include "Lax", "Strict", and "None".
  *    Available since 1.4.0
- *
+ * @param bool $autoRegenerate Whether or not the session ID should be
+ *    regenerated on session data changes
+ *    Available since 1.13.0
+ * 
  * @todo reorder these arguments so they make more sense and are in an
  *     order of importance
  */
@@ -51,7 +54,8 @@ public function __construct(
     string $cookieDomain = null,
     bool $cookieSecure = false,
     bool $cookieHttpOnly = false,
-    string $cookieSameSite = 'Lax'
+    string $cookieSameSite = 'Lax',
+    bool $autoRegenerate = true,
 ) {
 ```
 

src/CacheSessionPersistence.php

@@ -34,6 +34,7 @@ class CacheSessionPersistence implements SessionPersistenceInterface
     private CacheItemPoolInterface $cache;
 
     private bool $persistent;
+    private bool $autoRegenerate;
 
     /**
      * Prepare session cache and default HTTP caching headers.
@@ -67,6 +68,8 @@ class CacheSessionPersistence implements SessionPersistenceInterface
      *                       be accessed by client-side apis.
      * @param string                 $cookieSameSite The same-site rule to apply to the persisted
      *                    cookie. Options include "Lax", "Strict", and "None".
+     * @param bool                   $autoRegenerate Whether or not the session ID should be
+     *                       regenerated on session data changes
      * @todo reorder the constructor arguments
      */
     public function __construct(
@@ -80,7 +83,8 @@ public function __construct(
         ?string $cookieDomain = null,
         bool $cookieSecure = false,
         bool $cookieHttpOnly = false,
-        string $cookieSameSite = 'Lax'
+        string $cookieSameSite = 'Lax',
+        bool $autoRegenerate = true
     ) {
         $this->cache = $cache;
 
@@ -112,6 +116,8 @@ public function __construct(
             : $this->getLastModified();
 
         $this->persistent = $persistent;
+
+        $this->autoRegenerate = $autoRegenerate;
     }
 
     public function initializeSessionFromRequest(ServerRequestInterface $request): SessionInterface
@@ -139,8 +145,8 @@ public function persistSession(SessionInterface $session, ResponseInterface $res
         // Regenerate the session if:
         // - we have no session identifier
         // - the session is marked as regenerated
-        // - the session has changed (data is different)
-        if ('' === $id || $session->isRegenerated() || $session->hasChanged()) {
+        // - the session has changed (data is different) and autoRegenerate is turned off in the configuration
+        if ('' === $id || $session->isRegenerated() || ($this->autoRegenerate && $session->hasChanged())) {
             $id = $this->regenerateSession($id);
         }
 

src/CacheSessionPersistenceFactory.php

@@ -34,6 +34,7 @@ public function __invoke(ContainerInterface $container)
         $cacheExpire    = $config['cache_expire'] ?? 10800;
         $lastModified   = $config['last_modified'] ?? null;
         $persistent     = $config['persistent'] ?? false;
+        $autoRegenerate = $config['auto_regenerate'] ?? true;
 
         return new CacheSessionPersistence(
             $container->get($cacheService),
@@ -46,7 +47,8 @@ public function __invoke(ContainerInterface $container)
             $cookieDomain,
             $cookieSecure,
             $cookieHttpOnly,
-            $cookieSameSite
+            $cookieSameSite,
+            $autoRegenerate
         );
     }
 }