NYCPHP Meetup

[Nunez, Eddy]

Jerry,
Why do you do this?
Doesn't PHP 4.2.x and higher create session ids properly?
Or do you need a specific id for your specific circumstance?

-Ed

-----Original Message-----
From: Jerry Kapron [mailto:nyphp at newageweb.com]
Sent: Thursday, May 29, 2003 9:49 AM
To: NYPHP Talk
Subject: Re: [nycphp-talk] PHP 4.3.2 released


I can't find anything on the new session_regenerate_id() finction yet.
However if it does what I think it does, here is what I've been using in
it's place:

// at this point the session is already open
$tmp_SESSION = $_SESSION;
session_unset();
session_destroy();

session_id(
md5(microtime().$_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT']));
session_start();
$_SESSION = $tmp_SESSION;
unset($tmp_SESSION);


Cheers,
Jerry
--
42.7% of all statistics are made up on the spot. 


-----Original Message-----
From: Daniel Kushner <nyphp at websapp.com>
To: NYPHP Talk <talk at nyphp.org>
Date: Thursday, May 29, 2003 8:42 AM
Subject: [nycphp-talk] PHP 4.3.2 released


>After a lengthy QA process, PHP 4.3.2 is finally out!
>This maintenance release solves a lot of bugs found in earlier PHP versions
>and is a *strongly* recommended upgrade for all users of PHP.
>
>PHP 4.3.2 contains, among others, following important fixes, additions and
>improvements:
>
>- Fixes several potentially hazardous integer and buffer overflows.
>- Fixes for several 64-bit problems.
>- New Apache 2.0 SAPI module (sapi/apache2handler, enabled
>with --with-apxs2).
>- New session_regenerate_id() function. (Important feature against
malicious
>session planting).
>- Improvements to dba extension.
>- Improvements to thttpd SAPI module.
>- Dropped support for GDLIB version 1.x.x (php_gd.dll) on Windows.
>- An unix man page for CLI version of PHP.
>- New "disable_classes" php.ini option to allow administrators to disable
>certain classes for security reasons.
>- ..and a HUGE amount of other bug fixes!
>
>For a full list of changes in PHP 4.3.2, see the NEWS file.
>(http://www.php.net/ChangeLog-4.php).
>
>
>
>Best,
>Daniel Kushner
>Vice President, New York PHP
>http://nyphp.org/
>daniel at nyphp.org
>
>
>
>
>
>
>



--- Unsubscribe at http://nyphp.org/list/ ---



**********************************************************************
This message, including any attachments, contains confidential information intended for a specific individual and purpose, and is protected by law.  If you are not the intended recipient, please contact sender immediately by reply e-mail and destroy all copies.  You are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited.
TIAA-CREF
**********************************************************************