On Wed, 10 Aug 2016 at 10:15 Yasuo Ohgaki <yohg...@ohgaki.net> wrote:
> Hi all, > > This is RFC for adding session_create_id() function. > > Session ID string uses special binary to string conversion. Users > should write lengthy and slow code to have the same session ID string > as session module does. I disagree, this pretty much covers it: function session_create_id() { $encoded = base64_encode(random_bytes(32)); // Use same charset as PHP return rtrim(strtr($encoded, '+/', ',-'), '='); }