Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:73212 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 94547 invoked from network); 17 Mar 2014 10:51:52 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 17 Mar 2014 10:51:52 -0000 Authentication-Results: pb1.pair.com header.from=yohgaki@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=yohgaki@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.215.47 as permitted sender) X-PHP-List-Original-Sender: yohgaki@gmail.com X-Host-Fingerprint: 209.85.215.47 mail-la0-f47.google.com Received: from [209.85.215.47] ([209.85.215.47:52496] helo=mail-la0-f47.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id C5/42-17561-6C3D6235 for ; Mon, 17 Mar 2014 05:51:51 -0500 Received: by mail-la0-f47.google.com with SMTP id y1so3485370lam.20 for ; Mon, 17 Mar 2014 03:51:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=kzrncBmk9h0qt2cKJWqa6wEkOURpPE8LoLzKLN3dPSU=; b=a7GBWiVaI2HEgTob/b3Izbnt5w2bojR7ooPshS49ivRjSsOwtNLy96mZpzejd1Jidm R20rxtTEHvyxRZ48FpHp+KQ8P4mVz7t2xrBVjf+3qknJtAPVEhgtdNoeiuzcKuAiN2QO BaOJb8TK7IAwTcowGpQrfN8evpf8yWP58bTTL2VaXM01KypPH6pzoXAb9k7yaPSCj9E2 kKCyBJOxJhxbEkbWhbrovMK9ng8JrbTDtfVyi2X535DcT8Aloi8UJbg2sicouBS5mZUF APtf7tXN8KAoM2JmlRuPccTYne1jMPYegbbwu9zWv2k8LAEsXLDzHBEpUNlrUQxdWdqi 3kRA== X-Received: by 10.153.7.69 with SMTP id da5mr956583lad.38.1395053507898; Mon, 17 Mar 2014 03:51:47 -0700 (PDT) MIME-Version: 1.0 Sender: yohgaki@gmail.com Received: by 10.112.205.73 with HTTP; Mon, 17 Mar 2014 03:51:07 -0700 (PDT) In-Reply-To: References: Date: Mon, 17 Mar 2014 19:51:07 +0900 X-Google-Sender-Auth: oxM6tznKNbUf2yZYNUmnUqcNcFk Message-ID: To: Andrey Andreev Cc: "internals@lists.php.net" Content-Type: multipart/alternative; boundary=001a11345630c7f16f04f4cb340e Subject: Re: [PHP-DEV] Session: deprecating create_sid() method and add createSid()? From: yohgaki@ohgaki.net (Yasuo Ohgaki) --001a11345630c7f16f04f4cb340e Content-Type: text/plain; charset=UTF-8 Hi Andrey, On Mon, Mar 17, 2014 at 7:23 PM, Andrey Andreev wrote: > There's no SessionHandler::create_sid() or > SessionHandlerInterface::create_sid() documented (see your own link to > the docs) ... since when is this available? > > I'm not sure if exposing it is a good idea anyway, why is it necessary? > This change is not mine. It was added about 10 years ago, IIRC. Having createSid() could be useful. For example, user may have certain prefix for session IDs. User ID prefix is especially useful to know how many active sessions are there. (Note: I advise to use MD5('user_id'.'random_secret') for user ID prefixing if user_id shouldn't be exposed.) I've added session_create_id(). Therefore, if user start using it, it does not hart much. If users do not need modified session ID, they may call session_create_id() simply. The reason why this is added is Stefan Esser's strict session patch had this, I guess. However, his patch was not fully merged and session remained weak until 'use_strice_mode' patch. Regards, -- Yasuo Ohgaki yohgaki@ohgaki.net --001a11345630c7f16f04f4cb340e--