unread
Hi all,
I've got request for session_available() which can check if session
ID is sent from client or not before starting session.
(The session data existence does not matter)
This is for GDPR primarily. Starting session before agreement can be
GDPR compliance violation.
Since PHP supports various way to embed session ID in page / request,
finding actual state by user script is not a simple task. i.e. Just checking
session ID cookie is not good enough by session module spec. Session ID
can be stored in URL path, query, POST parameter and cookie.
Any comments?
--
Yasuo Ohgaki
yohgaki@ohgaki.net