On 1 November 2015 at 16:07, Tom Worster <f...@thefsb.org> wrote: > > I don't have one. > > But if I may ask, I'm curious, as always: What happens in the case that > php_random_bytes() fails? > > Tom >
That's a good point. session_start() would throw the exception generated by php_random_bytes() letting you know your system is incapable of generating high quality random numbers. However this is a serious issue in it's own right, the APIs used (and the way they are used) really only fail if the underlying environment is fubar.
