On Mon, May 20, 2013 at 4:14 PM, Tim Schofield <tim@xxxxxxxxxxxxxxxx> wrote: > Matijn > > There are well over half a million lines of source code in PHP. It seems a > little unhelpful to tell someone to go and read half a million lines of C > when you could just tell them the answer? > > Thanks > Tim > > Course View Towers, > Plot 21 Yusuf Lule Road, > Kampala > T +256 (0) 312 314 418 > M +256 (0) 752 963 325 > www.weberpafrica.com > Twitter: @TimSchofield2 > Blog: http://weberpafrica.blogspot.co.uk > On May 20, 2013 6:24 PM, "Matijn Woudt" <tijnema@xxxxxxxxx> wrote: > > > On Mon, May 20, 2013 at 5:33 AM, 孟远涛 <yuantao.meng@xxxxxxxxx> wrote: > > > > > I find the Note in PHP document. > > > http://www.php.net/manual/en/function.session-id.php > > > > > > "Note: When using session cookies, specifying an id for session_id() > will > > > always send a new cookie when session_start() is called, regardless if > > the > > > current session id is identical to the one being set." > > > > > > I feel puzzled about this feature. Even if the current session id is > > > identical to the one one being set, session_start will send a new > > cookie. I > > > want to know why session_start behave in this way. > > > > > > Forgive my poor English. Thanks in advance. > > > > > > > You will find the answer in the PHP source code. > > If you don't want this to happen, check if the current session id matches > > with the value you want to set it to, and don't set if they match. > > > > - Matijn > > > I guess it would be to help prevent session hijacks like explained here http://stackoverflow.com/questions/12233406/preventing-session-hijacking