Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:70000 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 7142 invoked from network); 4 Nov 2013 01:29:46 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 4 Nov 2013 01:29:46 -0000 Authentication-Results: pb1.pair.com header.from=andi@zend.com; sender-id=unknown Authentication-Results: pb1.pair.com smtp.mail=andi@zend.com; spf=permerror; sender-id=unknown Received-SPF: error (pb1.pair.com: domain zend.com from 209.85.216.43 cause and error) X-PHP-List-Original-Sender: andi@zend.com X-Host-Fingerprint: 209.85.216.43 mail-qa0-f43.google.com Received: from [209.85.216.43] ([209.85.216.43:61706] helo=mail-qa0-f43.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 10/E2-04169-988F6725 for ; Sun, 03 Nov 2013 20:29:46 -0500 Received: by mail-qa0-f43.google.com with SMTP id cm18so58553qab.2 for ; Sun, 03 Nov 2013 17:29:43 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:cc:message-id:references:to; bh=n1fvOil3jPTUZJMiY5wOT3ofymik12tUh8GspkAiNVs=; b=aE1CnlYxP2xP4hRa4sNrOV4BJOrONsf0FXSVRTfHxluEnaVOZnulqCzqIHBtS0V3e1 7MzopeRfjXSr3hbgVc+QX3whRku+1GaS13RPOnxVmqH5yW9xUa/nE7TkJt3I6bBXHeBT 6LoPBt0KNoJ3s4hO8n+7YVnOXbPa/ZOCUKdbhif+zZcBKZouqTp3GBbJwUgMQFMo1/Bn cZsjM0V0pp8g+IBzoUPkEPQxOuGF1VeiEQFmhEdVq8bWfx1LoNTNAFBSPwdgwQLHNoCr lulH6RbjTgTYKGHit8RCdrWmnMYh/q4a3DqCaD7xUcX/TQrCWKtVRa3Al7gVDVrc5efO zSDw== X-Gm-Message-State: ALoCoQm8f69G8NymMa7w5MGIIrFDn2Dn0XRxhZLHj0T38LpzGVAiwK7v3Hvx6ksLcVofNpDQEOB8btKNGKw1NL2v2zBtpmRZt1JuVYe6sWSI+pibw3AhgE+exqSEiiFfuAviy2suhXNs X-Received: by 10.224.75.200 with SMTP id z8mr19184876qaj.71.1383528583360; Sun, 03 Nov 2013 17:29:43 -0800 (PST) Received: from [192.168.101.129] ([69.38.252.85]) by mx.google.com with ESMTPSA id ge5sm42946825qeb.5.2013.11.03.17.29.42 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sun, 03 Nov 2013 17:29:42 -0800 (PST) Content-Type: multipart/alternative; boundary="Apple-Mail=_1F89DD2B-5026-45AC-9110-3283D7F6371B" Mime-Version: 1.0 (Mac OS X Mail 7.0 \(1816\)) In-Reply-To: <526FED0D.4040709@oracle.com> Date: Sun, 3 Nov 2013 16:00:09 -0800 Cc: internals@lists.php.net, "yohgaki@ohgaki.net >> Yasuo Ohgaki" Message-ID: <5749CE46-8438-42F8-95D0-B854E35CC29E@zend.com> References: <526FED0D.4040709@oracle.com> To: Christopher Jones X-Mailer: Apple Mail (2.1816) Subject: Re: [PHP-DEV] session_regenerate_id(true) by default From: andi@zend.com (Andi Gutmans) --Apple-Mail=_1F89DD2B-5026-45AC-9110-3283D7F6371B Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=windows-1252 On Oct 29, 2013, at 10:14 AM, Christopher Jones = wrote: >=20 > Hi Yasuo, >=20 > If parameter omission is an issue, I think you should update the PHP > function doc ASAP and explain the problem. >=20 > Most E_DEPRECATED messages include the word "deprecated". I think > your message could be: >=20 > "Calling session_regenerate_id() without a parameter is > deprecated. Passing true is encouraged for better security" >=20 > Can you review whether "false" should ever be an allowed value? I think we would want to continue to support false (we can check = code.google.com or something to see how much it=92s being used without = parameters or with false). [I am not online now unfortunately]. Eliminating the default option can absolutely work as it means users = need to make a conscious decision. Andi --Apple-Mail=_1F89DD2B-5026-45AC-9110-3283D7F6371B--