updateSessionId() public static method

update session id in database
public static updateSessionId ( string $userId, string $sessionId = null ) : string
$userId string
$sessionId string
return string
  * Logout the user, clear session
 public static function logout()
     $userId = Session::get('user_id');
  * The real login process: The user's data is written into the session.
  * Cheesy name, maybe rename. Also maybe refactoring this, using an array.
  * @param $user_id
  * @param $user_name
  * @param $user_email
  * @param $user_account_type
 public static function setSuccessfulLoginIntoSession($user_id, $user_name, $user_email, $user_account_type)
     // remove old and regenerate session ID.
     // It's important to regenerate session on sensitive actions,
     // and to avoid fixated session.
     // e.g. when a user logs in
     $_SESSION = array();
     Session::set('user_id', $user_id);
     Session::set('user_name', $user_name);
     Session::set('user_email', $user_email);
     Session::set('user_account_type', $user_account_type);
     Session::set('user_provider_type', 'DEFAULT');
     // Set class_id
     Session::set('class_id', self::getClassID());
     // get and set avatars
     Session::set('user_avatar_file', AvatarModel::getPublicUserAvatarFilePathByUserId($user_id));
     Session::set('user_gravatar_image_url', AvatarModel::getGravatarLinkByEmail($user_email));
     // finally, set user as logged-in
     Session::set('user_logged_in', true);
     // update session id in database
     Session::updateSessionId($user_id, session_id());
     // set session cookie setting manually,
     // Why? because you need to explicitly set session expiry, path, domain, secure, and HTTP.
     // @see https://www.owasp.org/index.php/PHP_Security_Cheat_Sheet#Cookies
     setcookie(session_name(), session_id(), time() + Config::get('SESSION_RUNTIME'), Config::get('COOKIE_PATH'), Config::get('COOKIE_DOMAIN'), Config::get('COOKIE_SECURE'), Config::get('COOKIE_HTTP'));