Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:68390 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 40382 invoked from network); 5 Aug 2013 19:33:39 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 5 Aug 2013 19:33:39 -0000 Authentication-Results: pb1.pair.com header.from=arraypad@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=arraypad@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.217.181 as permitted sender) X-PHP-List-Original-Sender: arraypad@gmail.com X-Host-Fingerprint: 209.85.217.181 mail-lb0-f181.google.com Received: from [209.85.217.181] ([209.85.217.181:56459] helo=mail-lb0-f181.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 7B/56-06453-21EFFF15 for ; Mon, 05 Aug 2013 15:33:39 -0400 Received: by mail-lb0-f181.google.com with SMTP id o10so2378756lbi.40 for ; Mon, 05 Aug 2013 12:33:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=zkQLzwlHs/eiesI5gLzutiguj4Fj6hfjAiB1xxTtbVw=; b=nq3GC7rbMMjftGgfvgEfYNYTOwKUCA8Mwx8X8tM/p2fYfPtWjqNq4xFK+We4iy61kQ D6a0twWVIEwdi3h44WOzmuHSiXQiBqX7SWGARHJKMChrgcDQiZDGzTILWI9w/6+9EqTD sJ5/bd47X5iBSp1W87pNAIm4xTMzeQmwP5h+7YOGrtfCFYk1l8WjmILgNbLx/W+mu5MA T+vFF97U+Z1FdGZB7HaNUOA8MY+tNlo1LLDneO+cyJuuLHFA+5T0qDZKQ//VHFzCm/wW hlkyTqMcP2zY6PvKCtErz8ZkhuZVk5XfvpfUpVfeg9ShBDLK/agyXyLgsb7a9e4/95Tk KeWw== MIME-Version: 1.0 X-Received: by 10.152.19.97 with SMTP id d1mr3579605lae.34.1375731215424; Mon, 05 Aug 2013 12:33:35 -0700 (PDT) Received: by 10.112.132.201 with HTTP; Mon, 5 Aug 2013 12:33:35 -0700 (PDT) In-Reply-To: <51FFFBB5.6000807@sugarcrm.com> References: <51FEEEAF.1070705@sugarcrm.com> <51FEF5AA.5060409@sugarcrm.com> <51FFFBB5.6000807@sugarcrm.com> Date: Mon, 5 Aug 2013 20:33:35 +0100 Message-ID: To: Stas Malyshev Cc: Yasuo Ohgaki , PHP Internals Content-Type: multipart/alternative; boundary=089e0149373c66e0a304e33862aa Subject: Re: [PHP-DEV] Session Id Collisions From: arraypad@gmail.com (Arpad Ray) --089e0149373c66e0a304e33862aa Content-Type: text/plain; charset=ISO-8859-1 Hi Stas, On Mon, Aug 5, 2013 at 8:23 PM, Stas Malyshev wrote: > > I'm not going to repeat my arguments against the committed solution yet > > again, but I really think we need a better one. > > You are free to propose a better one. Since this topic is being > discussed for almost 2 years and nobody came with anything better, as > far as I know, I think it is reasonable on this stage to go with what we > have. If you have something better that is not BC - you're welcome to > make a pull against master, if you have something that is better and is > BC - that's excellent, let's see it and if it works better, no problem > getting it into 5.5. > But as far as I see now, that is the only viable patch that we had > during pretty long time, so sitting and waiting that something better > comes along doesn't look like the best course of action. I think we > waited enough so that anybody who had better solution had a chance to > propose it and develop it, and given it is a real problem, I think at > least solution that works for now is a good thing to have. > As I've said I actually think Yasuo's original patch was a better approach, tackling the issue in session.c instead of leaving it up to all the handlers to implement. This would break BC but solves the major flaw of the ini setting working with some handlers and silently failing with others. I think it's also a cleaner approach in general. It's a real pity that missed the 5.5 boat. I'll have a think if there's a way to do this with BC, or at least to fail better. Arpad --089e0149373c66e0a304e33862aa--