diff --git a/core/lib/Drupal/Core/Session/SessionManager.php b/core/lib/Drupal/Core/Session/SessionManager.php
index 5e42186f71..42a5735891 100644
--- a/core/lib/Drupal/Core/Session/SessionManager.php
+++ b/core/lib/Drupal/Core/Session/SessionManager.php
@@ -216,23 +216,21 @@ public function regenerate($destroy = FALSE, $lifetime = NULL) {
 return;
 }
- // The default behaviour in Drupal when regenerating a session is to destroy
- // the existing session. This is inline with the @link https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#renew-the-session-id-after-any-privilege-level-change
+ // Drupal will always destroy the existing session when regenerating a
+ // session. This is inline with the recommendations of @link https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#renew-the-session-id-after-any-privilege-level-change
 // OWASP session management cheat sheet. @endlink
- if (count(func_get_args())) {
- $destroy = TRUE;
- }
-
- $regenerated = parent::regenerate($destroy, $lifetime);
+ $destroy = TRUE;
- if (!$regenerated && $destroy) {
+ // Cannot regenerate the session ID for non-active sessions.
+ if (\PHP_SESSION_ACTIVE !== session_status()) {
 // Ensure the metadata bag has been stamped. If the parent::regenerate()
 // is called prior to the session being started it will not refresh the
 // metadata as expected.
 $this->getMetadataBag()->stampNew($lifetime);
+ return FALSE;
 }
- return $regenerated;
+ return parent::regenerate($destroy, $lifetime);
 }
 /**
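Review bot: The `$destroy` parameter is now dead code — the unconditional `$destroy = TRUE;` overwrites whatever the caller passed, so a caller that explicitly passes FALSE (the old "keep the previous session record alive" path, which presumably mapped to `session_regenerate_id(false)` in the parent and is exactly the session-fixation window the linked OWASP guidance warns about) silently gets the destroying behaviour with no signal. Always destroying is the right security default, but the signature still advertises `$destroy = FALSE`, so the method docblock, which begins before this hunk, should state that the argument is ignored, e.g. `@param bool $destroy Ignored: the existing session is always destroyed so the old session ID cannot remain valid after regeneration.`, and a deprecation trigger when FALSE is explicitly passed would let the parameter be removed from the signature later. The new `return FALSE;` in the non-active branch keeps the previous observable result (the parent could not have regenerated an unstarted session either), so that part looks correct; only the early `return;` above the hunk still returns NULL rather than a bool, which is outside this change. The `regenerate()` method starts and is documented outside this hunk.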