Session persistence issue

I am writing a CRM program with the following technical specification. I hit an issue with broswer “session”

  • PHP 5.2.x
  • Apache 2.x
  • Cakephp framework
  • when set the security level to ‘medium’, the session persist but it won’t destroy itself after browser close:sick:
  • when set the security level to ‘high’, the session will be cleared after user close the browser, but the session will be lost occasionally e.g. click multiple hyperlinks in a sec:mad:

Can someone suggest what could possibly go wrong and how to rectify the issue?

It might have to do something with session_regenerate_id.
Every time you reload the page, the session id will be regenerated.
The session id is stored at the clients’ side when the request is handled, so when you click some links right after one other, or reload the page a couple of times in a row, the session is only regenerated at the servers side, but not stored at the clients side because the headers for the connection that was made were never received.

The only solution to this, is to stop the session from regenerating by commenting that line of code or setting the security level to medium.