Ok, then that is a bug that needs to be fixed before 4.3. On Mon, 19 Aug 2002, Giancarlo wrote:
> Il 00:13, luned́ 19 agosto 2002, hai scritto: > > > Il 23:54, domenica 18 agosto 2002, Rasmus Lerdorf ha scritto: > > > > Hrm.. Wait a second though, Giancarlo is saying that if the user > > > > passes in a session id himself and that session does not exist, then > > > > that will be the session id he will be given if a session is created on > > > > that request. Is that correct, Giancarlo? > > > > > > Well, yor browser has to be 'virgin' with regards to that cookie. > > > You musn't have received one already. to be an available victim > > > > Even if you haven't received a cookie already, I don't think you can set > > the session id the way you describe. Can you get PHP to create > > /tmp/sess_123 given my example? > > > > Yes, I do > > [root@pong tmp]# ls -l sess* > -rw------- 1 nobody 4294967295 12 Aug 19 00:31 sess_123 > > it contains: > > a|s:3:"Foo"; > > Giancarlo > > > -- > PHP Development Mailing List <http://www.php.net/> > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
