phplib-users

[Giancarlo <gia...@na...>]

reading NEWS in 4.3.2 I found
- Added session_regenerate_id() function. (Sascha)

I think this should give the possibility to transit any session into a 
new session, eg once authed.

And then I see that my old fixation about providing unadverted user with 
a preexisting session, has been widely accepted as evil. PHP doc 
mentions a nice doc, titled "Session Fixation"

http://www.acros.si/papers/session_fixation.pdf

Gian