regenerateId method

void regenerateId()

Regenerates the session ID for security.

Implementation

void regenerateId() {
  final sessionData = Map<String, dynamic>.from(_session);
  // Preserve important metadata
  final timeout = sessionData['timeout_seconds'];

  _session.destroy();
  // After destroy, accessing _session creates a new session

  // Restore data but update creation time for security
  sessionData.forEach((key, value) {
    if (key != 'created_at' && !key.toString().startsWith('_flash')) {
      // Don't restore old creation time or flash data (handled separately?)
      // Actually we should restore flash data
      _session[key] = value;
    }
  });

  // Restore flash
  if (sessionData.containsKey('_flash_new')) {
    _session['_flash_new'] = sessionData['_flash_new'];
  }
  if (sessionData.containsKey('_flash_old')) {
    _session['_flash_old'] = sessionData['_flash_old'];
  }

  // Set new creation time
  _session['created_at'] = DateTime.now().toIso8601String();
  // Preserve timeout if it was set
  if (timeout != null) {
    _session['timeout_seconds'] = timeout;
  }
}