Re: Session IP address matching
Hi!
> I have client who want to distinguish session by session ID.
> They don't want to store IP in session name.
> They would like to know creation and modification time w/o
> actually reading session data for performance reasons.
That would probably require custom read/write methods.
> which is really bad thing to do. session_create_id() generate ID using
> the same code PHP generates ID which is much secure than above and
> supposed to be faster than user land script.
I agree that exposing the ID creation function is a good addition
(actually if it was available I'd probably use it in other contexts
where I need a random token, not necessarily a session ID as such).
Maybe we need even more generic function and have session reuse that
code, too.
--
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227
Thread (29 messages)