improve session ID assignment to avoid possible overlaps.

Signed-off-by: Taylor Otwell <taylorotwell@gmail.com>

laravel/session/payload.php

@@ -54,22 +54,17 @@ class Payload {
 
 		// If the session doesn't exist or is invalid we will create a new session
 		// array and mark the session as being non-existent. Some drivers, such as
-		// the database driver, need to know whether the session exists in storage
-		// so they can know whether to insert or update the session.
+		// the database driver, need to know whether it exists.
 		if (is_null($this->session) or static::expired($this->session))
 		{
 			$this->exists = false;
 
-			$this->session = array('id' => Str::random(40), 'data' => array(
-				':new:' => array(),
-				':old:' => array(),
-			));
+			$this->session = $this->driver->fresh();
 		}
 
 		// A CSRF token is stored in every session. The token is used by the Form
 		// class and the "csrf" filter to protect the application from cross-site
-		// request forgery attacks. The token is simply a long, random string
-		// which should be posted with each request to the application.
+		// request forgery attacks. The token is simply a random string.
 		if ( ! $this->has(Session::csrf_token))
 		{
 			$this->put(Session::csrf_token, Str::random(40));
@@ -125,8 +120,7 @@ class Payload {
 
 		// We check for the item in the general session data first, and if it
 		// does not exist in that data, we will attempt to find it in the new
-		// and old flash data. If none of those arrays contain the requested
-		// item, we will just return the default value.
+		// and old flash data, or finally return the default value.
 		if ( ! is_null($value = array_get($session, $key)))
 		{
 			return $value;
@@ -247,7 +241,7 @@ class Payload {
 	 */
 	public function regenerate()
 	{
-		$this->session['id'] = Str::random(40);
+		$this->session['id'] = $this->driver->id();
 
 		$this->exists = false;
 	}