[nycphp-talk] Merging/reissuing sessions ...
Hans Zaunere
hans at nyphp.org
Fri Oct 31 15:22:18 EST 2003
jon baer wrote:
> all this session talk thought id throw out a question ...
>
> a long time ago someone made a plugin-like feature for tomcat java server
> which allowed for something like a reissue of a session id in which it
> merged together contents from one session content (the hard file) into a new
> session key. it was something like:
>
> session.reissue();
> session.reissue(int); // tell it when to reissue after x transactions
> (default 1)
>
> it was mainly a security idea to prevent hijacking over time.
>
> does session_regenerate_id() perform these same type of functions w/ a
> transaction count? and is there anything new in php5 pertaining to this?
Perhaps a bit off topic but google for: psyn nyphp
I had written a session scheme that uses syn/ack numbers just like TCP does.
I never really finished it but I have some more klunky code if you want to see it.
H
More information about the talk
mailing list