Issue with session ID being refreshed twice during login

[Jehong-Ahn]

During login, the Session::migrate() function is already being called within attempt() to refresh the session ID. When regenerate() is subsequently called, it triggers Session::migrate() again, causing the session ID to be refreshed a second time.

This has been fixed by only calling regenerateToken().

[tnylea]

Hey, @Jehong-Ahn. Thanks for the PR.

Can you help me understand what this is resolving? The regenerate() method essentially calls the regenerateToken() just the same. It is not regenerating the session ID because, by default, you can see that on regenerate($destroy=false) destroy is set to false: https://github.com/laravel/framework/blob/12.x/src/Illuminate/Session/Store.php#L592,

Maybe there's something else I'm not understanding. If so, let me know, and I'll look into it further.

Appreciate it!

[Jehong-Ahn]

Hello, @tnylea. Thank you for your warm welcome.

In the current implementation, the $destroy parameter is passed to the migrate() method. However, regardless of the value of $destroy, migrate() always calls generateSessionId().

As a result, if migrate() is invoked twice during the login process, generateSessionId() will also be executed twice.

https://github.com/laravel/framework/blob/12.x/src/Illuminate/Session/Store.php#L613