It is a good security practice to regenerate the session ID following a successful login, in order to guard against the session being hijacked. This could occur should the attacking gains access to the session ID stored in a cookie prior to login.
Zend Framework 1 offers a simple static function call which forces a regeneration of the session ID:
You should add a call to this function following a successful login by the user.
You can find more about this function in the appropriate part of the Zend Framework documentation.