On Wed, 6 Jul 2016 at 13:10 Christoph Becker <cmbecke...@gmx.de> wrote:
> > Yes, I am aware that the patch uses php_random_bytes(), but what happens > when it fails, in which case php_session_create_id() returns null[1]? > Would it be impossible to use a session in this case? > > [1] > < > https://github.com/php/php-src/pull/1850/files#diff-52eb9eb7f9d5d9125fbb1337a6541c06R315 > > > > -- > Christoph M. Becker > The FAILURE check here is redundant because it is using the _throw variant of random_bytes, which means an exception is thrown if there isn't a good source of random available.