One change adds a PHP function session_is_started() to determine if a session has already been, well... started. :)
It also adds an optional id parameter to session_regenerate_id() allowing the user to provide their own id instead of PHP generating a new one. I'm not implying there is anything wrong with PHP generating a new id. I just need session_regenerate_id() to behave like session_id($myID), only after a session has already been started.
Provided that the code is good: +1
These sounds like great features (especially for session fixation/hijack prevention).
S
-- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
