Newsgroups: php.internals
Date: Sun, 26 Jan 2014 10:00:34 +0900
To: Stas Malyshev
Cc: Andrey Andreev, PHP Internals
Subject: Re: [PHP-DEV] Session IP address matching
From: yohgaki@ohgaki.net (Yasuo Ohgaki)

Hi Stas,

On Sun, Jan 26, 2014 at 9:44 AM, Stas Malyshev wrote:

> > which is a really bad thing to do. session_create_id() generates an ID using
> > the same code PHP uses to generate IDs, which is much more secure than the above and
> > supposed to be faster than a userland script.
>
> I agree that exposing the ID creation function is a good addition
> (actually if it was available I'd probably use it in other contexts
> where I need a random token, not necessarily a session ID as such).
> Maybe we need an even more generic function and have session reuse that
> code, too.

Although I've written it already, I appreciate any comments for improvement.
Do you have any ideas for session_create_id()?
Perhaps a more generic function name and/or a move to ext/standard?

For a more generic ID or token, I think we need a UUID module.
If there is a module available, we would do better to include it.
I think someone is working on it.

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net