Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:56712
Return-Path: <yohgaki@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 82573 invoked from network); 2 Dec 2011 05:35:37 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 2 Dec 2011 05:35:37 -0000
Authentication-Results: pb1.pair.com smtp.mail=yohgaki@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=yohgaki@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.160.170 as permitted sender)
X-PHP-List-Original-Sender: yohgaki@gmail.com
X-Host-Fingerprint: 209.85.160.170 mail-gy0-f170.google.com  
Received: from [209.85.160.170] ([209.85.160.170:61277] helo=mail-gy0-f170.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 9F/10-15959-8A368DE4 for <internals@lists.php.net>; Fri, 02 Dec 2011 00:35:37 -0500
Received: by ghbg16 with SMTP id g16so2931807ghb.29
        for <internals@lists.php.net>; Thu, 01 Dec 2011 21:35:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=mime-version:sender:in-reply-to:references:from:date
         :x-google-sender-auth:message-id:subject:to:cc:content-type;
        bh=rV8eGDIlranVyaPMUmbg5lD8niShZvDQQffsdPERbHM=;
        b=mFPpn5zhKbTqUfT8v4F7Oqg7ipl7RNFuT+U2sYEJmkRJxkdDK7REX0SsfncsuPkg/N
         GzGcSCbX+hQnt/LEiPQ8Bieh15o0fHG+9GyfaGC7NgegwQRJNsm+wHK3WxXjhDrsJBQe
         VD+RKDycBhp3yigpKVI6v1MUxGJhbGFkVywUQ=
Received: by 10.236.155.36 with SMTP id i24mr16610259yhk.43.1322804134126;
 Thu, 01 Dec 2011 21:35:34 -0800 (PST)
MIME-Version: 1.0
Sender: yohgaki@gmail.com
Received: by 10.100.127.18 with HTTP; Thu, 1 Dec 2011 21:34:53 -0800 (PST)
In-Reply-To: <4ED85560.6040101@uw.no>
References: <CAGa2bXYDbDnTi1aF4Ts9oShyy=2NKPaTc34_+Hg7ZN0v+_MGSQ@mail.gmail.com>
 <4EBDC283.3040700@yahoo.co.jp> <CAGa2bXaMKzQCO=6k4WrB2W3Mp6R8R7oJz7LQBnv_4UKCk0_VxQ@mail.gmail.com>
 <4ED727FB.7030001@uw.no> <CAGa2bXb9k=V1X-jfx5NM=0RrRo2RwxyG6HjaKWLZHLb2Tpe7jQ@mail.gmail.com>
 <4ED76013.50601@lerdorf.com> <CAGa2bXbpqeG1e3t2syWFid1QxTrWimT0=1D5_ujPsJ50PJY20g@mail.gmail.com>
 <CAGa2bXbdc04oorY2G3gnFg9SD57Uokwzrt2EgZ7i0s+E4wARPQ@mail.gmail.com> <4ED85560.6040101@uw.no>
Date: Fri, 2 Dec 2011 14:34:53 +0900
X-Google-Sender-Auth: CzPA545qhYmgSUOYGQbeBE23NvQ
Message-ID: <CAGa2bXa=OF-sg_eCrRuPDva-O0MxZz25zZJt_rojHDnz5gwrfw@mail.gmail.com>
To: "Daniel K." <dk@uw.no>
Cc: Rasmus Lerdorf <rasmus@lerdorf.com>, internals@lists.php.net
Content-Type: text/plain; charset=ISO-8859-1
Subject: Re: [PHP-DEV] Strict session?
From: yohgaki@ohgaki.net (Yasuo Ohgaki)

2011/12/2 Daniel K. <dk@uw.no>:
> Yasuo Ohgaki wrote:
>>
>> 2011/12/2 Yasuo Ohgaki <yohgaki@ohgaki.net>:
>>>
>>> I think Daniel mean there are extra spaces for indent.
>>> I'll fix it.
>
>
> That's exactly it, however the updated patch still has problems.
>
> Search for a + followed by only tabs or spaces. Empty lines should be
> just that, empty.

Does CODING_STANDARDS mention this?

>>> Since Daniel mentioned that he cannot disable strict session,
>
>
> I did no such thing. from where did you get that idea?
>

Because you wrote this.

> This could never work with:
>
> session_id("foo");
> session_start();
>
> could it?

I think you understands it can be controlled by session.use_strict_mode now.


> I am in serious doubt as to whether the additonal restrictions on valid
> characters in session ids are appropriate, and I fear that some poor sod may
> be in for a nasty surpris because of this.
>
> Remember, this is not just about the return value of hash functions, as this
> is used to validate session_ids set with session_id() as well.

With strict session, user cannot set session ID. If user can, it's not
a strict session, but adoptive.

If user would like to use adoptive session, user may set
session.use_strict_mode=0.

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net