[nycphp-talk] Merging/reissuing sessions ...
jon baer
jonbaer at jonbaer.net
Thu Oct 30 15:41:15 EST 2003
all this session talk thought id throw out a question ...
a long time ago someone made a plugin-like feature for tomcat java server
which allowed for something like a reissue of a session id in which it
merged together contents from one session content (the hard file) into a new
session key. it was something like:
session.reissue();
session.reissue(int); // tell it when to reissue after x transactions
(default 1)
it was mainly a security idea to prevent hijacking over time.
does session_regenerate_id() perform these same type of functions w/ a
transaction count? and is there anything new in php5 pertaining to this?
- jon
pgp key: http://www.jonbaer.net/jonbaer.asc
fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47
More information about the talk
mailing list