On Wed, 10 Aug 2016 at 10:15 Yasuo Ohgaki <yohg...@ohgaki.net> wrote:
> Hi all,
>
> This is RFC for adding session_create_id() function.
>
> Session ID string uses special binary to string conversion. Users
> should write lengthy and slow code to have the same session ID string
> as session module does.
I disagree, this pretty much covers it:
function session_create_id()
{
$encoded = base64_encode(random_bytes(32));
// Use same charset as PHP
return rtrim(strtr($encoded, '+/', ',-'), '=');
}
