Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:71322 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 58946 invoked from network); 20 Jan 2014 12:07:51 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 20 Jan 2014 12:07:51 -0000 Authentication-Results: pb1.pair.com header.from=yohgaki@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=yohgaki@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.217.169 as permitted sender) X-PHP-List-Original-Sender: yohgaki@gmail.com X-Host-Fingerprint: 209.85.217.169 mail-lb0-f169.google.com Received: from [209.85.217.169] ([209.85.217.169:45124] helo=mail-lb0-f169.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id D5/3B-02192-6911DD25 for ; Mon, 20 Jan 2014 07:07:50 -0500 Received: by mail-lb0-f169.google.com with SMTP id q8so4920282lbi.28 for ; Mon, 20 Jan 2014 04:07:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=CNkIF2Zakj0gYHtkgngIPrW7EsmL6TbfFWxEuwN5VnU=; b=xd+6ggNaRF8Y0Io369UnMZIfJGKfczHycOUZXqJoZIsA/fFe9Krmn7RoDZQXB8JsOs CQRwuw/zK8d1yO1mBdlOeEyp3l0IFypxUSZPxQAjOZJCEDUplCqNNhHs3Dg1DC/TXXks kbXiOyPNuFXucRuMH3mQJGfX55J9K4AlpCU2PNW7LkK95IMVWjWh1aozLjZ8/Vozjp5L alDiwENKAUQphnVH4Qobq7xlWa2IjITG2YWvPnqisMdHDPlHtKPz0ZaX57vZO7XnpCAX txxRS2+I2tQVy3VG3bKN7LHLOoYqAwRGYsRKlsZMArEgyUOJHrbY2fLFX0vk58wSGJhE XMsQ== X-Received: by 10.152.4.74 with SMTP id i10mr130586lai.58.1390219667538; Mon, 20 Jan 2014 04:07:47 -0800 (PST) MIME-Version: 1.0 Sender: yohgaki@gmail.com Received: by 10.112.6.68 with HTTP; Mon, 20 Jan 2014 04:07:07 -0800 (PST) In-Reply-To: References: <52DC905F.2080705@sugarcrm.com> <52DCAE75.8070401@sugarcrm.com> <52DCD1C5.8080109@sugarcrm.com> <52DCE356.5040600@sugarcrm.com> Date: Mon, 20 Jan 2014 21:07:07 +0900 X-Google-Sender-Auth: 6vsU3BMUJswqCH4DEGI0qqhGNiE Message-ID: To: Stas Malyshev Cc: "internals@lists.php.net" Content-Type: multipart/alternative; boundary=089e0103ec247187b104f065bdd9 Subject: Re: [PHP-DEV] [VOTE] Introduce session.lock, session.lazy_write and session.lazy_destory From: yohgaki@ohgaki.net (Yasuo Ohgaki) --089e0103ec247187b104f065bdd9 Content-Type: text/plain; charset=UTF-8 Hi Stas, On Mon, Jan 20, 2014 at 7:30 PM, Yasuo Ohgaki wrote: > On Mon, Jan 20, 2014 at 6:17 PM, Yasuo Ohgaki wrote: > >> I'll send mail when I finish editing the RFC, please hold to vote. > > > Before I re-open vote, I would like to ensure if the RFC has no > issues to discuss. > > https://wiki.php.net/rfc/session-lock-ini > > Thank you for reviewing RFC! I was forgetting whole point of having session.lazy_destroy. This feature should be enabled by default to destroy old session when session_regenerate_id() is called. Regenerating session ID with reliable manner is mandatory for better security. Therefore, I've changed RFC to enable session.lazy_destroy by default. Default delay is matter to discuss, though. Please refer to the referenced discussion in the RFC. http://marc.info/?l=php-internals&m=138242492914526&w=2 Regards, -- Yasuo Ohgaki yohgaki@ohgaki.net --089e0103ec247187b104f065bdd9--