Provide customizable session regeneration behavior #61

Open
Eliasyoussef47 opened this issue Jan 7, 2025 · 5 comments
Labels
Enhancement New feature or request

@Eliasyoussef47

Feature Request

| Q | A |
|---|---|
| New Feature | yes |
| RFC | no |
| BC Break | no |

Summary

I would like to be able to customize the behavior of the method CacheSessionPersistence::regenerateSession:

```php
/**
 * Regenerates the session.
 *
 * If the cache has an entry corresponding to `$id`, this deletes it.
 *
 * Regardless, it generates and returns a new session identifier.
 */
private function regenerateSession(string $id): string
{
    if ('' !== $id && $this->cache->hasItem($id)) {
        $this->cache->deleteItem($id);
    }
    return $this->generateSessionId();
}
```

Control whether or not the old session is deleted

Currently, the method regenerateSession always deletes the old session. I would like to be able to control this behavior.

Firstly, it might be nice to add a parameter to this method to make it match the PHP function session_regenerate_id. The extra boolean parameter will determine whether or not the old session will be deleted before generating the new ID.
Alternatively (or it might be even better to do both), I would like to see a boolean field that determines whether or not the old session will always be deleted before generating the new ID. The value of this field can be set in the constructor of CacheSessionPersistence.

Customize the behavior of CacheSessionPersistence::regenerateSession

I would like to partially or completely change the behavior of regenerateSession.
This can be done by calling callback function(s) provided by the user/calling code. The callback can be called before checking if the item exists in the cache.
Alternatively (and probably better), the regenerateSession method can become protected to allow the inheriting code to fully customize the implementation.

If an RFC is needed, I will be able to supply one. I'm also open to opening a pull request to implement this.

@Eliasyoussef47 Eliasyoussef47 added the Enhancement New feature or request label Jan 7, 2025
@Eliasyoussef47
Author

@weierophinney Can I get a response please?

@froschdesign
Member

@Eliasyoussef47
The $autoRegenerate flag does not help you to reach your goal?

@Eliasyoussef47
Author

@froschdesign
The $autoRegenerate indicates whether to always regenerate the session (and always delete the old one).
I would like to have control over which cases delete the old session and possibly when to regenerate the session.

@froschdesign
Member

@Eliasyoussef47

> I would like to have control over which cases delete the old session and possibly when to regenerate the session.

The same question as in #60: What is the concrete use-case for this?

@Eliasyoussef47
Author

@froschdesign

It's currently needed to solve an issue where session loss occurs as a result of an unstable network or request cancellation.
This is similar to this issue: #43.
I would like to implement a custom behavior that aims to decrease the chance of this happening.
I'm aware of the session hijacking issue that can be a risk here. That will be taken into account while implementing my own solution.

Although, I realized that it's possible to use a custom SessionPersistenceInterface implementation. So that should be enough to achieve my goal.
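
An added example, not part of the thread and not code from the project: one way to keep the old session ID briefly after regeneration instead of deleting it at once, while bounding how long a stale ID stays usable. The class `GraceRegeneratingStore`, its methods and the 10-second window are hypothetical, and an in-memory array stands in for the cache.

```php
<?php
declare(strict_types=1);

// Hypothetical store, not the project's CacheSessionPersistence.
final class GraceRegeneratingStore
{
    /** @var array<string, array{data: array, obsoleteAt: ?int, successor: ?string}> */
    private array $items = [];

    public function __construct(private int $graceSeconds = 10) {}

    public function create(array $data): string
    {
        $id = bin2hex(random_bytes(16)); // 128-bit random identifier
        $this->items[$id] = ['data' => $data, 'obsoleteAt' => null, 'successor' => null];
        return $id;
    }

    /** Rotate the ID; the old entry becomes a short-lived pointer instead of being deleted. */
    public function regenerate(string $oldId, int $now): string
    {
        $old = $this->items[$oldId] ?? null;
        if ($old === null || $old['successor'] !== null) {
            return $this->create([]); // unknown or already rotated ID: start empty
        }
        $newId = $this->create($old['data']);
        // The stale entry keeps no session data, only the pointer and its timestamp.
        $this->items[$oldId] = ['data' => [], 'obsoleteAt' => $now, 'successor' => $newId];
        return $newId;
    }

    /** Map a presented ID to the live session ID, or null if it must be rejected. */
    public function resolve(string $id, int $now): ?string
    {
        $item = $this->items[$id] ?? null;
        if ($item === null) {
            return null;
        }
        if ($item['obsoleteAt'] === null) {
            return $id; // current ID
        }
        if ($now - $item['obsoleteAt'] <= $this->graceSeconds) {
            // Client missed the new cookie (lost response): follow the pointer chain.
            return $this->resolve($item['successor'], $now);
        }
        unset($this->items[$id]); // late reuse of an old ID: purge and reject
        return null;
    }
}
```

The grace window is also the time during which a captured old ID remains valid, so it should be as short as the client's retry behavior allows.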
