Hi all,

Without 'true', session_regenerate_id() will not delete old session data, which may contain sensitive data. It was made 'false' by default for users relying on the bug. (PHP 4.x, IIRC)

Almost all users should call session_regenerate_id() with the 'true' parameter. Therefore, I would like to suggest making it 'true' by default from the next PHP.

Any comments?

--
Yasuo Ohgaki
yohg...@ohgaki.net
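The behaviour described in the message above, as an added example that is not part of the original post: it regenerates a session ID with and without the 'true' argument and checks whether the old session file is still on disk. It assumes the PHP CLI with the default "files" save handler; the function name `oldSessionFileAfterRegenerate`, the temporary directory and the session value are constructed for the demonstration.

```php
<?php
// Added example, not code from the original post.
// Assumes the default "files" save handler and a CLI run.
ini_set('session.use_cookies', '0');   // no cookie headers needed on the CLI
ini_set('session.cache_limiter', '');  // no cache headers either

/**
 * Start a session in a throwaway save path, store a value, regenerate the ID,
 * and return the contents of the OLD session file, or null if it was deleted.
 * (Hypothetical helper written for this demonstration.)
 */
function oldSessionFileAfterRegenerate(bool $deleteOld): ?string
{
    $dir = sys_get_temp_dir() . '/sessdemo_' . bin2hex(random_bytes(4));
    mkdir($dir, 0700);
    session_save_path($dir);

    session_start();
    $_SESSION['secret'] = 'constructed-sensitive-value'; // constructed sample data
    $oldId = session_id();

    // The call under discussion: false keeps the old record, true destroys it.
    session_regenerate_id($deleteOld);
    session_write_close();

    $oldFile = $dir . '/sess_' . $oldId;  // file naming used by the files handler
    $result = is_file($oldFile) ? file_get_contents($oldFile) : null;

    // Clean up the throwaway directory.
    foreach (glob($dir . '/sess_*') ?: [] as $f) {
        unlink($f);
    }
    rmdir($dir);

    return $result;
}

$kept    = oldSessionFileAfterRegenerate(false);
$deleted = oldSessionFileAfterRegenerate(true);

// Output is printed only after all session calls, so no header warnings occur.
echo "session_regenerate_id(false): old file ",
     $kept === null ? "deleted" : "still present, contents: " . var_export($kept, true), "\n";
echo "session_regenerate_id(true):  old file ",
     $deleted === null ? "deleted" : "still present, contents: " . var_export($deleted, true), "\n";
```

An old session record that is still present remains valid for anyone who holds the old ID until garbage collection removes it, which is why the 'true' form is the one to use after a login or privilege change.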