7 Nov
2005
7 Nov
'05
1:22 a.m.
At 6:09 PM -0500 6/11/05, Jeremy Andrews wrote:
Is there ever a time where the session_id may change from page to page (ie, what if cookies are disabled in the browser, and the server isn't configured to embed session ID's in the URL?)
I used to work on the PHPLIB project, and the user's session ID was always very stable and consistent. I never saw a support request about lost sessions that wasn't caused by a bad configuration of either browser or more usually the application. So I think that if the session ID has changed from when the form is shown to when it is submitted, that is a good enough reason to invalidate the submission. +1 to use session_id(). ...R.