Hi!

> The concern that has been discussed is the risk of a broken PRNG and
> a predictable session ID. We may insist that any platform must have a
> reliable PRNG, but it would be a good idea to have at least some
> mitigation. Reading extra bytes should be good enough for this purpose.

I still see no reason to change it stated in the RFC except performance
(which is irrelevant in all contexts I know of). It states the change
but omits the reason why this change is necessary. Could you please add
that part?

-- 
Stas Malyshev
smalys...@gmail.com

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
