Hi all, I've got request for session_available() which can check if session ID is sent from client or not _before_ starting session. (The session data existence does not matter)
This is for GDPR primarily. Starting session before agreement can be GDPR compliance violation. Since PHP supports various way to embed session ID in page / request, finding actual state by user script is not a simple task. i.e. Just checking session ID cookie is not good enough by session module spec. Session ID can be stored in URL path, query, POST parameter and cookie. Any comments? -- Yasuo Ohgaki yohg...@ohgaki.net