[drupal-devel] Seems like form validation might fail with
drupal.org at juggernaut.com.au
Mon Nov 7 00:22:22 UTC 2005
At 6:09 PM -0500 6/11/05, Jeremy Andrews wrote:
>Is there ever a time where the session_id may change from
>page to page (ie, what if cookies are disabled in the
>browser, and the server isn't configured to embed session
>ID's in the URL?)
I used to work on the PHPLIB project, and the user's session ID
was always very stable and consistent. I never saw a support
request about lost sessions that wasn't caused by a bad
configuration of either browser or more usually the application.
So I think that if the session ID has changed from when the
form is shown to when it is submitted, that is a good enough
reason to invalidate the submission.
+1 to use session_id().
More information about the development