We are regenerating session on each request in our application. When I click on menu for each request it creates new session and session file in \tmp folder.
But when simultaneously click on multiple menu it doesnt create new session and file.
We are using php function session_regenerate_id(true) to create session.
When I tried same function with false value session_regenerate_id(false) its working and doesn't logout on simultaneous request. What happened in this, new session is generated for only first and last request. For rest the request used first request session id.
Does it good to use session_regenerate_id(false) and prevent from session fixation attack?