Re: [SM-DEVEL] session id bug?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, November 20, 2005 20:53, Michael Long wrote:
> I haven't looked at that part of the code, but is it not possible to pu=
t
> in a check for that...maybe by creating a new name if the one from the
> cookie is blank?

That won't unfortunately fix session.auto_start (which if I remember
correctly we don't recomment using anyway).  The code to regenerate
session IDs is only available after PHP 4.3.0, so we'd have to home grow
our own code.  The example on PHPs website uses values that are influence=
d
by the user/system locales.

If we could find some fashion of generating a unique id, we probably
could.  I was thinking of something along the lines of a hash of the
remote IP, remote port, microtime, the browser identifier, and maybe a
string from OneTimePadCreate from strings.php, all merged together, and
then md5'd.  I think the probability of generating two MD5s that are
identical is very slim from what I've heard.

- --=20
Jonathan Angliss
<jo...@sq...>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iEYEARECAAYFAkOBOF0ACgkQK4PoFPj9H3MMRgCguP6WVzJl8tWkFdwUJC9Gh5DW
a1sAnjEiLSRoSkDhzbcyyf+dy0hUgm0g
=3DARO+
-----END PGP SIGNATURE-----