On Sun, Feb 2, 2014 at 4:14 PM, Stas Malyshev <[email protected]>wrote:
>
> > To set user defined session ID, user has to do
> >
> > ini_set('session.use_strict_mode', FALSE);
> > session_id(session_create_id('SOME-USEFUL-PREFIX'));
> >
> > With this change, user could do
> >
> > session_id(session_create_id('SOME-USEFUL-PREFIX'));
>
> I think having parameter on session_id is preferable. What happens if
> this is not set and you do session_id('blah') - does it start the
> session? What is returned from session_id as the result?
It could have signature like
string session_id(string $prefix_or_id [, bool $use_prefix]);
and
session_id('SOME-PREFIX-', TRUE); // return
SOME-PREFIX-xxxxxxxxxxxxxxxxxxxxx
session_id() returns current PS(id) always.
When there is active session, session_id('something') sets PS(id).
It set PS(id) and it will be used as session ID if session is closed and
open again.
We have to decide what we will do about use_strict_mode behavior.
It may be easier automatically set use_strict_mode=FALSE.
I would like to expand uniqid() or create new function that returns
secure random string, so session_create_id() is not mandatory.
I agree
string session_id(string $prefix_or_id [, bool $use_prefix]);
simpler. Simpler is better :)
Regards,
--
Yasuo Ohgaki
[email protected]