Hi! > I've disallowed empty session ID, but it wasn't a > appropriate fix. > > https://bugs.php.net/bug.php?id=68063
Could you explain a bit more about the part where there are empty IDs generated? You say it "is browser's cookie handling" - could you explain more about it? > I made appropriate patch for this issue. It should be > applied from PHP 5.5 to master. I attached patch to > the bug report. Could you apply it from PHP 5.5? Or > shall I commit it from 5.6? then cherry pick? Is that a security issue? If so, please explain how. If not, it should be 5.6+. -- Stas Malyshev smalys...@gmail.com -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
