From: rob@bottled.codes ("Rob Landers")
To: internals@lists.php.net
Date: Sun, 03 Mar 2024 11:37:15 +0100
Subject: Re: [PHP-DEV] [RFC] [Discussion] Deprecate GET/POST sessions
Message-ID: <6ab812e1-5fdf-4941-9d6a-c3251f20f5b9@app.fastmail.com>
List-Id: internals.lists.php.net

On Sat, Mar 2, 2024, at 22:10, Kamil Tekiela wrote:
> Hi Internals,
>
> I would like to start a discussion on a new RFC
> https://wiki.php.net/rfc/deprecate-get-post-sessions
>
> Please let me know whether the idea is clear and the RFC is understandable.
>
> In particular, I am looking for any feedback as to why this is a bad
> idea. The primary motivation behind this RFC is to reduce potential
> security pitfalls.
>
> Regards,
> Kamil Tekiela
>

For what it is worth, I’ve used this with great success on Google’s http-based job system in their cloud. Whether that is a good idea or not, I have no idea. But I suspect I’m not the only one that has relied on this behavior.

— Rob