On Wed, Jan 13, 2016 at 12:03 AM, Stanislav Malyshev <smalys...@gmail.com> wrote: > Hi! > >> I've disallowed empty session ID, but it wasn't a >> appropriate fix. >> >> https://bugs.php.net/bug.php?id=68063 > > Could you explain a bit more about the part where there are empty IDs > generated? You say it "is browser's cookie handling" - could you explain > more about it? > >> I made appropriate patch for this issue. It should be >> applied from PHP 5.5 to master. I attached patch to >> the bug report. Could you apply it from PHP 5.5? Or >> shall I commit it from 5.6? then cherry pick? > > Is that a security issue? If so, please explain how. If not, it should > be 5.6+.
IMO, this is not security related. Julien.Pauli -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
