Hi, we validate all incoming parameters and that includes checking if the phpsession ID is only numbers and letters and is 32 Bytes long. This worked for some PHP5 Servers but we just encountered an 5.1.2 that issued sessionIDs that were 26 Bytes long. I cant find any note about that in either of the PHP5 changelogs. Question : What lengths are valid for PHP Sesssions is it possible to encounter valid sessions with a length other than 26 and 32? PHPinfo : http://neu.karnevalservice.de/dbcTrade/phpinfo.php thanks Jens -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
