summaryrefslogtreecommitdiff
path: root/includes/session.inc
diff options
context:
space:
mode:
authorDavid Rothstein <drothstein@gmail.com>2013-11-20 15:49:21 -0500
committerDavid Rothstein <drothstein@gmail.com>2013-11-20 15:49:21 -0500
commitf01c994de8d6f54a5bef1523319c6da88048c146 (patch)
treef9f1a59d7cfcb10db208e54348a451d15facd9c5 /includes/session.inc
parent3611e1670591e657dd6e6000f98d061def471654 (diff)
parent782d1155c62c0a879bf587c7e40c3a13bcf6879c (diff)
downloadbrdo-f01c994de8d6f54a5bef1523319c6da88048c146.tar.gz
brdo-f01c994de8d6f54a5bef1523319c6da88048c146.tar.bz2
Merge tag '7.24' into 7.x
7.24 release Conflicts: CHANGELOG.txt includes/bootstrap.inc
Diffstat (limited to 'includes/session.inc')
-rw-r--r--includes/session.inc8
1 files changed, 4 insertions, 4 deletions
diff --git a/includes/session.inc b/includes/session.inc
index 16727df6d..9589e06fc 100644
--- a/includes/session.inc
+++ b/includes/session.inc
@@ -263,10 +263,10 @@ function drupal_session_initialize() {
// Less random sessions (which are much faster to generate) are used for
// anonymous users than are generated in drupal_session_regenerate() when
// a user becomes authenticated.
- session_id(drupal_hash_base64(uniqid(mt_rand(), TRUE)));
+ session_id(drupal_random_key());
if ($is_https && variable_get('https', FALSE)) {
$insecure_session_name = substr(session_name(), 1);
- $session_id = drupal_hash_base64(uniqid(mt_rand(), TRUE));
+ $session_id = drupal_random_key();
$_COOKIE[$insecure_session_name] = $session_id;
}
}
@@ -360,7 +360,7 @@ function drupal_session_regenerate() {
$old_insecure_session_id = $_COOKIE[$insecure_session_name];
}
$params = session_get_cookie_params();
- $session_id = drupal_hash_base64(uniqid(mt_rand(), TRUE) . drupal_random_bytes(55));
+ $session_id = drupal_random_key();
// If a session cookie lifetime is set, the session will expire
// $params['lifetime'] seconds from the current request. If it is not set,
// it will expire when the browser is closed.
@@ -372,7 +372,7 @@ function drupal_session_regenerate() {
if (drupal_session_started()) {
$old_session_id = session_id();
}
- session_id(drupal_hash_base64(uniqid(mt_rand(), TRUE) . drupal_random_bytes(55)));
+ session_id(drupal_random_key());
if (isset($old_session_id)) {
$params = session_get_cookie_params();