Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:130608 X-Original-To: internals@lists.php.net Delivered-To: internals@lists.php.net Received: from php-smtp4.php.net (php-smtp4.php.net [45.112.84.5]) by lists.php.net (Postfix) with ESMTPS id 2E3091A00BC for ; Sat, 11 Apr 2026 18:23:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=php.net; s=mail; t=1775931838; bh=fiOx7o3yHfOTZklKuk8wx1wVWSW3BUD9FXnSO3IPVP8=; h=From:Date:Subject:To:From; b=W8gxveTfKoubi4h2BM4ee8DGXSnQGTUvlf99GmjQLg9nj/ec3u5g1YlFGcOjHF3Te myMOhoq1wtKJG+Lm7Pt0IUVVNRwa6TZjH26cGmvarRxC7VKUvZzpZ+39IViyChz7v6 C6C45F8+pMbKu74vd8T/gGZG8ntVK2s3lCvVXdqPIP/+0PvjQkaU3h92m8kj9Ym0/X wD10kKls9oF267FVTiSPqG5IB8k6s21Bl1+p/QWnw16CKT/CLyu1pYEIpB4rFeqyFy a+VyaEHD/J2LlG8X1YwJ2WqH4VigMCH4LdzEMiJmg1y238aF5oyDiPKe0xiJ6PHZ2A CYGgURSOx5K6Q== Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 1A220180042 for ; Sat, 11 Apr 2026 18:23:58 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-25) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=0.6 required=5.0 tests=ARC_SIGNED,ARC_VALID,BAYES_50, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,DMARC_PASS, FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=4.0.1 X-Spam-Virus: No X-Envelope-From: Received: from mail-pl1-f181.google.com (mail-pl1-f181.google.com [209.85.214.181]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Sat, 11 Apr 2026 18:23:44 +0000 (UTC) Received: by mail-pl1-f181.google.com with SMTP id d9443c01a7336-2ad21f437eeso17552035ad.0 for ; Sat, 11 Apr 2026 11:23:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1775931819; cv=none; d=google.com; s=arc-20240605; b=JGBiYFO+PMbRd83DOmEmnOaQGR+c+uHOknpKcYCrw36sQUtCsv5nTmRJQqJZ06HCYI QuMQXRbAj+wBLaV+lHrs6uOKi+iY4qxtPfoKnqQz7anaeQoy+C2NXbCXEocRttDkciRo F5Ulp9/gAPm9o//U5rthhQpSGKZAI2ab4dnvv6IPRvAE5XpsUuOVe3n6edsOAmnwEwCH wwNq2ZDXhiUkvJeRRp/m1r+QR3ZXSaNVwSDH0B2QCenE0TAWCTTFzqRfOegWy2Zp8PP6 6wUgQZIKE4kmK6ID2eQ6DQ9JJh3YVgOyp71WOwlrVTZFA44dwn/WmUD3qTMOFI1Xn9hy 64Kg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=to:subject:message-id:date:from:mime-version:dkim-signature; bh=fiOx7o3yHfOTZklKuk8wx1wVWSW3BUD9FXnSO3IPVP8=; fh=PwvV1jWZOR90rDIG/6XexqaHJyAFBTdnFVhsS64qdEQ=; b=D2TrWNh+KbWJPSrQSR7vXRgtFVESd2E/3vE2Oa5c2cP4C/2nBAd1f8X25c3PIDyFSF +B+u/WZD8oVqIAlqmQjeJ56hk9cSCh6gaP4NZzXCizUkUiG6cpZme2XYNp2mH1XHdepY 8ytsdIm21aS7YLmtlu4bhpXq9dibmTRemQI7BeCwVdJjVgT56pXfaN7Uab+uybbtvQY2 76pzSPB86PqRVOL+6xuiaGNMeptM1P/J7UH2SY3jGaGFS6jqFia4wbAZ1VVzJWvRv9o3 nlkcW6icao3uFEAQ0/0OJNtWO551nyBv/q+NzNt7hk0PLjcoKkfjcTVak7vw2ViJGIo3 SMWA==; darn=lists.php.net ARC-Authentication-Results: i=1; mx.google.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1775931819; x=1776536619; darn=lists.php.net; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=fiOx7o3yHfOTZklKuk8wx1wVWSW3BUD9FXnSO3IPVP8=; b=fByzkRNw1PocJiA/s62+/lo0giAlnouIfaRUq2fVuMq5BFwWZ/fYQMSb2Ua5F6IyqB x5TCAWpAnt2lTVxJteCh5I34heCWQ/ZZZji1boXgEsfVugJAQ0EKglLC/CU+kfgZTpVy qUCqfBc2UjvqwY/PSu9V1WrzMKFTybb5/nMW8oHCITvwC4TtPgC3oFBHLUn7qJT08sGT 5k03S/9O/9i8pOTaXg5hXXPpm7bgcECjZYQR/OSnqhx62WWH+nCPyoGoz/dBCoDU6Pqp CrQPxXG7qwcc4mHDmz3oqxfKS/PU8ebWNCAu3iN05jyIyCQ48v/uu4cKzEKYg2RZ7Rfg QtjQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775931819; x=1776536619; h=to:subject:message-id:date:from:mime-version:x-gm-gg :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=fiOx7o3yHfOTZklKuk8wx1wVWSW3BUD9FXnSO3IPVP8=; b=Axw7zwxxb2PTnXo7lmpDjClKu7PrfYtgCCilRrl43BV/LUEeh2+4CSTKYdUEsYqkun tv3gaY7Zr3EcNBRxN4vM8/ibFg5gFlCOG6p7glY6ZRdu7UNle7JvpJJFWPYeE7sEWEmQ jetd1qj9GvgVFrGYfJLklAY16uTxEl5n1aFwiNCiq5fRWK1DZ40N3EMM5G9eP6ZvUfqu xLTlutHN0RfgPrjXJ+mv9/c4qfRw5ohJcSGwBKSHsOgnKyHsWIRAwHn9GyY/SCrBm6pM uffePBkt1y8WVBl6h6Va90h7PFsPsJKnPLFvFMLAJ4RKqZ9qvurGuTX31YGg1D3sVGOW 5h5w== X-Gm-Message-State: AOJu0YwUxQxd+YvfKnevmM9B2m8PALJMiRpY6/cZ1PnSl1pCyxVN5GGA RzwISuRmnFUEh4eXt9Vl5KvvpRr7WftCitM0m/8z6RBj7h1wp/AjGgi/nAmQ//+QBOemT+RYgDs jMQFurLHas9Y1azXdQsDpNAD+JSsAT07GjzE3 X-Gm-Gg: AeBDiettOz1UsT3oz/MSNg45bIpP0ps/qmeBm6Y65tvr/pwdyCfIndah8nSnk5Ks+/C gvzwH4ybyn9SqkfmQ7lVlb0o72wGeMjyPPAhwm7rH3u42OeYEPPjgSbaS8wQ5rYGqPe2Z7ry0ln wbM+EE7Z3brBAf9rJYUHkq4WrFfunHjrUIhVLJwehVH/0i6Kv8psrDNdgoE7LZt1TLq8pRBq0jI wHX/+E1BmXy4q9+Pw1oTqRkqMHh/IQ0GiDOi8SaYDnNkGKbTM6er6UsdBDpUQjsrL3iNyW6dJKs SS6qPQpC X-Received: by 2002:a17:903:bc4:b0:2ae:4ad5:b76c with SMTP id d9443c01a7336-2b2d5d105ddmr46400065ad.10.1775931818820; Sat, 11 Apr 2026 11:23:38 -0700 (PDT) Precedence: list list-help: list-unsubscribe: list-post: List-Id: x-ms-reactions: disallow MIME-Version: 1.0 Date: Sat, 11 Apr 2026 20:23:28 +0200 X-Gm-Features: AQROBzDLX1smTzgMvnDCbEo0hncJ0r2vKubCJMRSfr8lER6PL6YwL-4IdSePIUg Message-ID: Subject: [PHP-DEV] [RFC] Secure Session Configuration Defaults To: PHP internals Content-Type: multipart/alternative; boundary="00000000000034ca2c064f3359c0" From: jorg.sowa@gmail.com (Jorg Sowa) --00000000000034ca2c064f3359c0 Content-Type: text/plain; charset="UTF-8" Hello internals, I would like to propose RFC about securing the session configuration defaults. It's been already discussed many times in the github issues, so I would like to finally create and RFC about it. Link: https://wiki.php.net/rfc/session_security_defaults Kind regards, Jorg --00000000000034ca2c064f3359c0 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hello internals,
I would like to p= ropose RFC about securing the session configuration defaults. It's been= already discussed many times in the github issues, so I would like to fina= lly create and RFC about it.


Kind regards,
Jorg --00000000000034ca2c064f3359c0--