When PHP started to take off, things were added to the language as "helper" functions trying to preempt the thought process of the programmer, and many of these so-called "helper" functions/settings are now deprecated in v6. register_globals was defaulted to off with PHP 4 and will not exist in 6, nor will magic_quotes_gpc() and set_magic_quotes_runtime(). These are nothing more than a hindrance, as you have to check whether they are on or off and take appropriate action when you really should be using the database's native quoting functions.
The PHP session functions are something I honestly believe that no one should be using. For me they were an ill-thought-out addition to the language, and I and many others are advocating they be deprecated with PHP 6. You have hit the nail on the head above with what happens if cookies are disabled and session_trans_sid is on. Again the programmer must go writing code to see what is and isn't enabled and take appropriate action. Not a "help" in any sense of the word.
Writing a database session class can be as simple or as complex as you need it to be, and it is up to you how you pass the session identifier, not up to a configuration file that may or may not have the features you require enabled.
The main advantage of using database sessions is that session fixation is impossible (the session will not exist in your database) and your only concern is packet sniffing/cookie theft.
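The database-backed session store described in the post above, as an added example (not the poster's code): identifiers are only ever issued by the server, an identifier with no row in the table loads nothing, and the identifier is replaced at login. The class name `DbSessionStore`, the `sessions` table and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical class and table names; requires PHP 8 with the pdo_sqlite extension.
final class DbSessionStore
{
    public function __construct(private PDO $db, private int $ttl = 1800)
    {
        $this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $this->db->exec('CREATE TABLE IF NOT EXISTS sessions (
            id_hash TEXT PRIMARY KEY, data TEXT NOT NULL, expires INTEGER NOT NULL)');
    }

    // Issue a fresh identifier from the CSPRNG; only its SHA-256 hash is stored,
    // so a leaked table does not hand out usable session identifiers.
    public function create(array $data = []): string
    {
        $id = bin2hex(random_bytes(32));
        $stmt = $this->db->prepare(
            'INSERT INTO sessions (id_hash, data, expires) VALUES (?, ?, ?)');
        $stmt->execute([hash('sha256', $id), json_encode($data), time() + $this->ttl]);
        return $id;
    }

    // Return the session data, or null when the identifier was never issued
    // by this server or its row has expired. Unknown identifiers are never adopted.
    public function load(string $id): ?array
    {
        $stmt = $this->db->prepare(
            'SELECT data FROM sessions WHERE id_hash = ? AND expires > ?');
        $stmt->execute([hash('sha256', $id), time()]);
        $row = $stmt->fetchColumn();
        return $row === false ? null : json_decode($row, true);
    }

    // Replace the identifier at login or privilege change and delete the old row,
    // so an identifier known before login stops working afterwards.
    public function regenerate(string $oldId, array $data): string
    {
        $this->db->prepare('DELETE FROM sessions WHERE id_hash = ?')
                 ->execute([hash('sha256', $oldId)]);
        return $this->create($data);
    }
}

// Constructed demo values, run against an in-memory SQLite database.
$store = new DbSessionStore(new PDO('sqlite::memory:'));
var_dump($store->load('client-supplied-id'));   // identifier this server never issued
$anon  = $store->create(['user' => null]);      // pre-login session
$authd = $store->regenerate($anon, ['user' => 'alice']);
var_dump($store->load($anon), $store->load($authd)); // old id vs. post-login id
```

When the identifier is passed in a cookie, set the `Secure` and `HttpOnly` attributes and serve the site over HTTPS, since the store itself does nothing about sniffing or cookie theft.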