Newsgroups: php.internals
Date: Fri, 7 Mar 2014 05:34:32 +0900
From: yohgaki@ohgaki.net (Yasuo Ohgaki)
To: Peter Cowburn
Cc: "internals@lists.php.net"
Subject: Re: [PHP-DEV] [VOTE] RFC: Introduce session_start() options - read_only, unsafe_lock, lazy_write and lazy_destroy

Hi Peter,

On Mon, Mar 3, 2014 at 7:56 PM, Peter Cowburn wrote:

> Is this vote still in-progress? The RFC page says yes, but the closing
> date has long-since passed.

Thank you for the reminder.
Proposal 1 passed 9 vs 1.
Proposals 2 and 3 were declined 1 vs 7 and 1 vs 6.

Lazy deletion is a design bug fix. This issue cannot be solved without delayed deletion due to a technical reason of current web technology. This also involves session security. The current implementation also allows attackers to exploit a stolen session for as long as they want.

I'll come back on this issue later.
Thank you all for voting!

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net