As above: Is it possible to regenerate Code Igniter sessions manually? I'm looking for something similar to session_regenerate_id in PHP sessions, so that I could call it manually when a user went through privilege escalation.

Thanks,

Lemiant

CI automatically regenerates the session id every x seconds, which you can set in your config.

You could create a new function in Session.php the same as sess_update() but with the following removed from the top & the function renamed to regenerate_id().

// We only update the session every five minutes by default
if (($this->userdata['last_activity']+$this->sess_time_to_update) >= $this->now)
{
return;
} 

This will regenerate the session id, update users_activity and keep the users data. Just call it by $this->session->regenerate_id();

I know this is an old post, but I came across it, so others might too.

You could also do the following so you don't have to hack the core files at all (making codeigniter more easily upgradable with future releases):

//Setting this to 0 forces the sess_update method to regenerate on the next call
$this->session->sess_time_to_update=0;
//Call the sess_update method to actually regenerate the session ID
$this->session->sess_update();

Credit to the original answer for leading me down this path though, thank you.