[dev] Re: [cvs] commit: horde login.php imp redirect.php
Chuck Hagenbuch
chuck at horde.org
Sat Feb 8 23:19:51 PST 2003
Quoting Jon Parise <jon at horde.org>:
> I think it deserves a block comment explaining the reasoning behind
> re-creating the session. The logic itself looks sound, although I
> haven't tested it myself.
Actually, looking at this, I think we need one more step: we need to force a
new session ID. We can do this with session_id($value), but setting $value
isn't a minor thing, so I wanted to bring this up here.

For now, I've added Horde::getCleanSession(), with this last step commented
out until we agree on how to generate new session_ids().

For now, I'd suggest:

    $new_session_id = md5(uniqid(mt_rand(), true));

I know uniqid is slow, but this is a login-only thing, and it's important to
really get a unique value here. If someone has an argument that uniqid()
isn't needed, I'm happy to hear that, too.
-chuck
--
Charles Hagenbuch, <chuck at horde.org>
must ... find ... acorns ... *thud*
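
The step discussed in the message above (forcing a new session ID at login with session_id($value)), as an added PHP example that is not part of the original message and is not Horde's getCleanSession(); it takes the ID from random_bytes() rather than md5(uniqid(mt_rand(), true)). The function name start_clean_session, the planted ID and the username are assumptions constructed for illustration.

```php
<?php
// Added example; hypothetical helper, not Horde code.

/**
 * Discard the session the client presented and start an empty one under
 * an ID chosen by the server, so an ID planted before login
 * (session fixation) carries no authenticated state afterwards.
 */
function start_clean_session(): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();      // attach to the session the client sent, if any
    }
    $_SESSION = [];           // drop all pre-login data
    session_destroy();        // delete the old session's server-side record

    // 128 bits from the OS CSPRNG. uniqid() is clock-derived and mt_rand()
    // is a seedable PRNG, so hashing them adds no unpredictability.
    session_id(bin2hex(random_bytes(16)));   // must precede session_start()
    session_start();

    // Return what PHP actually uses: with session.use_strict_mode=1 an
    // uninitialized ID passed to session_id() is replaced by PHP's own.
    return session_id();
}

// --- constructed command-line demonstration ---
ini_set('session.use_cookies', '0');     // no cookie header needed on the CLI
ini_set('session.cache_limiter', '');    // no cache headers either
ini_set('session.save_path', sys_get_temp_dir());

$planted = 'fixedbyattacker0123456789';  // constructed: ID set before login
session_id($planted);
session_start();
$_SESSION['prelogin'] = 'data';
session_write_close();

session_id($planted);                    // login request arrives with that ID
$fresh = start_clean_session();
$_SESSION['user'] = 'alice';             // constructed username

var_dump($fresh !== $planted);           // was the planted ID abandoned?
var_dump(isset($_SESSION['prelogin']));  // did pre-login data survive?
var_dump(strlen($fresh));                // length of the new ID in hex chars
```

On PHP 4.3.2 and later, session_regenerate_id(true) performs the ID swap in one call while keeping the session data, so the explicit session_id() form is only needed when the data must also be discarded.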