On 12/08/16 00:20, Yasuo Ohgaki wrote: > I've missed to handle session.hash_bits_per_character here. There are > people validating SID (used chars and length) via WAF or PHP code. > session.hash_bits_per_character handling is mandatory for such system.
Since 'id' is a variable, isn't this just a specialist constraint applied to that variable ;) The various new hash rules follow the same pattern. Add a domain of 'session_id' to the variable and that selects all the right rules to handle it ... yes specialist code generating a special variable may be more efficient, but if the framework is right than one can simply adjust the rules on a generic variable to cater for your own requirements? -- Lester Caine - G8HFL ----------------------------- Contact - http://lsces.co.uk/wiki/?page=contact L.S.Caine Electronic Services - http://lsces.co.uk EnquirySolve - http://enquirysolve.com/ Model Engineers Digital Workshop - http://medw.co.uk Rainbow Digital Media - http://rainbowdigitalmedia.co.uk -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
