Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:71555
Return-Path: <smalyshev@sugarcrm.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 53780 invoked from network); 25 Jan 2014 10:44:51 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 25 Jan 2014 10:44:51 -0000
Authentication-Results: pb1.pair.com smtp.mail=smalyshev@sugarcrm.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=smalyshev@sugarcrm.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain sugarcrm.com designates 67.192.241.163 as permitted sender)
X-PHP-List-Original-Sender: smalyshev@sugarcrm.com
X-Host-Fingerprint: 67.192.241.163 smtp163.dfw.emailsrvr.com Linux 2.6
Received: from [67.192.241.163] ([67.192.241.163:51942] helo=smtp163.dfw.emailsrvr.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id CD/00-53277-1A593E25 for <internals@lists.php.net>; Sat, 25 Jan 2014 05:44:51 -0500
Received: from localhost (localhost.localdomain [127.0.0.1])
	by smtp26.relay.dfw1a.emailsrvr.com (SMTP Server) with ESMTP id 0D1B8800B4;
	Sat, 25 Jan 2014 05:44:46 -0500 (EST)
X-Virus-Scanned: OK
Received: by smtp26.relay.dfw1a.emailsrvr.com (Authenticated sender: smalyshev-AT-sugarcrm.com) with ESMTPSA id B47B4800B3;
	Sat, 25 Jan 2014 05:44:45 -0500 (EST)
Message-ID: <52E3959D.4000103@sugarcrm.com>
Date: Sat, 25 Jan 2014 02:44:45 -0800
Organization: SugarCRM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: Andrey Andreev <narf@devilix.net>
CC: PHP Internals <internals@lists.php.net>
References: <CAPhkiZyMULFgCoTaaqtwx_34ovTX-36dTdVUgMXE_aWPd5O+WQ@mail.gmail.com>	<CAH-PCH71z58Ghhg9koPRM8RXYk1bXWSW_ogJqY1TpUAQK8pu6A@mail.gmail.com>	<CAPhkiZwsS6wEijXJGHx03f7zf9OFDg9G_2NwMqNDZSmmPsBBZA@mail.gmail.com>	<52E319F2.8080705@sugarcrm.com> <CAPhkiZy7+6hGakv4bXVR2djx18H+s_69OUoyPSjd=JaUVVp61Q@mail.gmail.com>
In-Reply-To: <CAPhkiZy7+6hGakv4bXVR2djx18H+s_69OUoyPSjd=JaUVVp61Q@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] Session IP address matching
From: smalyshev@sugarcrm.com (Stas Malyshev)

Hi!

> Still, that is not optimal. The desired effect is to call the session
> file something like:
> 
>     <session.name>_<REMOTE_ADDR(hash)>_<session_id>

I'm sure there's a reason why you want that, but I'm not sure I'm seeing
a generic use case for this for core. Why would most of the core users
care how the session files are named and require them named in a
specific way?

If you want to limit access to sessions to specific IPs only, there
already is an easy way to do it, by overriding SessionHandler. If you
want to make sessions stick to IP, there's also pretty easy way to do it
too. So I wonder - why change the core if it can already easily be done
with what we have?
-- 
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227