From: Jonathan A. <jo...@sq...> - 2005-11-21 03:01:09
On Sun, November 20, 2005 20:53, Michael Long wrote:
> I haven't looked at that part of the code, but is it not possible to put
> in a check for that...maybe by creating a new name if the one from the
> cookie is blank?

That won't unfortunately fix session.auto_start (which if I remember correctly we don't recommend using anyway). The code to regenerate session IDs is only available after PHP 4.3.0, so we'd have to home grow our own code. The example on PHP's website uses values that are influenced by the user/system locales. If we could find some fashion of generating a unique id, we probably could.

I was thinking of something along the lines of a hash of the remote IP, remote port, microtime, the browser identifier, and maybe a string from OneTimePadCreate from strings.php, all merged together, and then md5'd. I think the probability of generating two MD5s that are identical is very slim from what I've heard.

-- 
Jonathan Angliss <jo...@sq...>
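The ID scheme proposed in the message, written out as an added example next to the blank-cookie check from the quoted reply; this is not SquirrelMail code and not from the original post. The function names are hypothetical, the request values are constructed, and `random_bytes()` (PHP 7 or later) stands in for the string from OneTimePadCreate.

```php
<?php
// Added illustration; function names are hypothetical, not SquirrelMail's.

// The scheme from the message: md5 over request attributes, microtime and a pad.
// The client already knows its own address, port and browser string and can
// estimate microtime, so the unpredictability of the result rests on $pad.
function sketch_session_id(array $server, $pad)
{
    $parts = array();
    foreach (array('REMOTE_ADDR', 'REMOTE_PORT', 'HTTP_USER_AGENT') as $key) {
        $parts[] = isset($server[$key]) ? $server[$key] : '';
    }
    $parts[] = microtime();
    $parts[] = $pad;
    // The separator keeps ("1.2.3.4", "56") distinct from ("1.2.3.45", "6").
    return md5(implode('|', $parts));
}

// An ID of the same length taken directly from the OS CSPRNG (PHP >= 7).
function csprng_session_id()
{
    return bin2hex(random_bytes(16));
}

// The check from the quoted reply, widened from "blank" to "not the shape
// we issue": anything else from the cookie is replaced with a new ID.
function usable_session_id($candidate)
{
    return is_string($candidate)
        && preg_match('/^[0-9a-f]{32}$/', $candidate) === 1;
}

// Constructed request data for the demonstration.
$server = array(
    'REMOTE_ADDR'     => '192.0.2.10',
    'REMOTE_PORT'     => '51234',
    'HTTP_USER_AGENT' => 'ExampleBrowser/1.0',
);
$pad = bin2hex(random_bytes(16)); // stand-in for the OneTimePadCreate string

foreach (array('', 'not-a-session-id') as $cookie) {
    $id = usable_session_id($cookie) ? $cookie : sketch_session_id($server, $pad);
    echo 'cookie=' . var_export($cookie, true) . ' -> issued ' . $id . "\n";
}
echo 'csprng id: ' . csprng_session_id() . "\n";
```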