Rasmus Lerdorf wrote: > > > Any propagation, doesn't matter. > > The passed id must exist, otherwise discarded and regenerated. > > I saw that php already creates the session at the start. > > > > The possibility to count on a stable name, because recreable anytime > > and though surviving gc, is a great weaknes for that tipe of snoop. > > php has to have the nicely dedicated devices to generate the id. > > And it does. The session ids are not predictable, especially if you set > the entropy source to something like /dev/urandom in php.ini > > -Rasmus
Sorry, but I feel like speaking with HAL.. The unpredictable choice has to be made by a dedicated device except whenever any user decides to create his favourite one? I mean by appending ?PHPSESSID=foo that is what happens. User choice is ginven priority over that dedicated device. User can force php to create and recreate anytime any known id of his choice. Gian -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
