Re: [PHP-DEV] [PATCH] Modifications for ext/session/

2005-04-26 Thread Chris Shiflett
Hans Lellelid wrote: I haven't looked in any detail at these functions, but wouldn't you be able to prevent fixation by inquiring whether a particular session was already started? -- rather than PHP's current (IMHO flawed) behavior where a new session is simply started with whatever session is is p

Re: [PHP-DEV] why does PHP accept [new] session ids from client?

2005-03-31 Thread Chris Shiflett
M. Sokolewicz wrote: "why is it this way" should also be posted to the general newsgroup, it barely has anything to do with internals. The behavior of the session extension has everything to do with internals. I'm not sure why everyone is sending him to php-general. No one there is going to be abl

Re: [PHP-DEV] SQLite security

2004-08-23 Thread Chris Shiflett
--- Adam Q <[EMAIL PROTECTED]> wrote: > The database needs a password otherwise it is just too much of a > security risk. Based on my observation of the conversation you've been having, I think you might be making things too complex on yourself. This database is just a file. So, think of havi

Re: [PHP-DEV] Patch to minimize session fixation (continued)

2004-04-07 Thread Chris Shiflett
. > (Side note: I use my own random/MD5-based session IDs which should be > hard to guess). Do you think it's better than the existing session ID generation code? I always trust the level of entropy provided by the native mechanism. If you think you have a better solution, maybe you c

Re: [PHP-DEV] Studlycaps and MySQLi

2004-03-23 Thread Chris Shiflett
--- Georg Richter <[EMAIL PROTECTED]> wrote: > Sure, your book isn't ready yet. Is this really the criteria being used to support a lack of consistency? This sort of thing (inconsistency) is one reason why PHP is frequently attacked and why developers consider various APIs to be unintuitive. We s

Re: [PHP-DEV] Compatibility problems with PHP 5

2003-12-01 Thread Chris Shiflett
--- Melvyn Sopacua <[EMAIL PROTECTED]> wrote: > If you're going to do this, then do it backwards compatible and > 'leave' E_ALL at 2047 and move E_STRICT to 2048. I like the idea of leaving E_ALL at 2047, but it's also quite intuitive that E_ALL is the sum of all other error levels, and each of th

Re: [PHP-DEV] raw post data

2003-11-20 Thread Chris Shiflett
--- Rasmus Lerdorf <[EMAIL PROTECTED]> wrote: > As for always populating the raw post data. See the aptly named > always_populate_raw_post_data php.ini setting. I am probably mistaken, but doesn't this ini setting only work when the content type is not application/x-www-form-urlencoded? Chris -

Re: [PHP-DEV] user contributed notes

2003-07-14 Thread Chris Shiflett
--- Harrie Hazewinkel <[EMAIL PROTECTED]> wrote: > Could someone explain what the purpose is of "User Contributed Notes". > I noticed some notes as part of snmpget.php which are not notes, > but questions for help. > http://www.php.net/manual/en/function.snmpget.php > > Not sure what to do with th