"Cpt John W. Holmes" wrote: > > PHP 4.3.2 created a new session ID, but it didn't resend the cookie. So the > next request would include the old session ID again from the cookie.
I wonder what it is then good for. Changing the id internally without notifying the client does not make much sense IMHO. > > What are you trying to do? Changing the session id upon a login to prevent referal attacks. Alexander -- PINO - The free Chatsystem! Available at http://www.pino.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php