Hi Leigh, On Tue, Jan 17, 2017 at 11:48 PM, Leigh <lei...@gmail.com> wrote:
> mt_rand is not advertised as crypto-quality. > > Where do you think mt_rand is used in session id generation? > I don't mention session module uses mt_rand, but older versions used php_combined_lcg() . Regards, -- Yasuo Ohgaki yohg...@ohgaki.net
