fix(session): log session_regenerate_id for debugging
- For debugging of #42157
Summary
From https://www.php.net/manual/en/function.session-regenerate-id.php
> You should not destroy old session data immediately, but should use destroy time-stamp and control access to old session ID. Otherwise, concurrent access to page may result in inconsistent state, or you may have lost session, or it may cause client (browser) side race condition and may create many session ID needlessly. Immediate session data deletion disables session hijack attack detection and prevention also.
A session decryption error like HMAC mismatch triggers the session ID to regenerate, which in turn could lead to a lost session.
TODO
- [ ] ...
Checklist
- Code is properly formatted
- Sign-off message is added to all commits
- [ ] Tests (unit, integration, api and/or acceptance) are included
- [ ] Screenshots before/after for front-end changes
- [ ] Documentation (manuals or wiki) has been updated or is not required
- [ ] Backports requested where applicable (ex: critical bugfixes)
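
The destroy-timestamp approach from the PHP manual passage quoted in the summary, sketched as an added example (not Nextcloud's code and not part of this pull request). The function names, the session keys `destroyed_at` and `replaced_by`, and the 60-second grace window are assumptions.

```php
<?php
// Added example: hypothetical helpers, not Nextcloud code.
const OLD_SESSION_GRACE_SECONDS = 60; // assumed window for in-flight requests

function regenerateIdKeepingOldSession(): void {
    $data = $_SESSION;                 // payload to carry into the new session
    $oldId = session_id();
    $newId = session_create_id();

    // Mark the old session as retired instead of deleting its data.
    $_SESSION['destroyed_at'] = time();
    $_SESSION['replaced_by'] = $newId;
    session_write_close();

    // Strict mode rejects IDs the handler has not stored yet, so switch it
    // off (only possible while no session is active) to create the new one.
    $strict = (string) ini_get('session.use_strict_mode');
    ini_set('session.use_strict_mode', '0');
    session_id($newId);
    session_start();
    $_SESSION = $data;
    session_write_close();             // the new ID now exists in storage
    ini_set('session.use_strict_mode', $strict);
    session_start();                   // reopen the new session normally

    // Log hashed prefixes only, so the log never contains a usable ID.
    error_log(sprintf('session id regenerated: %s -> %s',
        substr(hash('sha256', $oldId), 0, 8),
        substr(hash('sha256', $newId), 0, 8)));
}

function startSessionFollowingRegeneration(): void {
    session_start();
    if (!isset($_SESSION['destroyed_at'])) {
        return;                        // current, non-retired session
    }
    if (time() - $_SESSION['destroyed_at'] > OLD_SESSION_GRACE_SECONDS) {
        // A retired ID presented long after replacement: possible stolen cookie.
        error_log('retired session id presented after grace window');
        $_SESSION = [];
        session_destroy();
        throw new RuntimeException('Session expired');
    }
    // Concurrent request still carrying the old cookie: follow the pointer.
    $newId = $_SESSION['replaced_by'];
    session_write_close();
    session_id($newId);
    session_start();
}
```

Retired session records are left for the session garbage collector to remove once they pass `session.gc_maxlifetime`.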