protected function regenerateSessionId()
{
$container = \System::getContainer();
$strategy = $container->getParameter('security.authentication.session_strategy.strategy');
// Regenerate the session ID to harden against session fixation attacks
switch ($strategy) {
case SessionAuthenticationStrategy::NONE:
break;
case SessionAuthenticationStrategy::MIGRATE:
$container->get('session')->migrate(false);
// do not destroy the old session
break;
case SessionAuthenticationStrategy::INVALIDATE:
$container->get('session')->invalidate();
break;
default:
throw new \RuntimeException(sprintf('Invalid session authentication strategy "%s"', $strategy));
}
}
