Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:73304 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 8747 invoked from network); 19 Mar 2014 18:18:33 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 19 Mar 2014 18:18:33 -0000 Authentication-Results: pb1.pair.com smtp.mail=yohgaki@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=yohgaki@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.215.51 as permitted sender) X-PHP-List-Original-Sender: yohgaki@gmail.com X-Host-Fingerprint: 209.85.215.51 mail-la0-f51.google.com Received: from [209.85.215.51] ([209.85.215.51:53997] helo=mail-la0-f51.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 9E/60-05195-77FD9235 for ; Wed, 19 Mar 2014 13:18:33 -0500 Received: by mail-la0-f51.google.com with SMTP id pv20so261975lab.38 for ; Wed, 19 Mar 2014 11:18:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=KJsTf1qTsVFCJmLLTjx9/fguc8Ymr4lI3Gt9RqEfryw=; b=lM9UEi/4FiUo4jrZbU84fT9h/fsMdVnfb2vcquwSUJMp/XLm0l+YmO5J0lTuluN6Lo +NlLHg7PFdIECyEagYrPz6ERcKVEPzUlU0/6cFU6m+Ud7k9XRr0syzktfA7tK7HYZC18 pu97ylj1Ho8zGa9fvBm+4QcJViqs8NBXaWir4Bjrn5ePuhIjRhN3Z8+NDmuZHxFUtaR+ YVD89NBntth7lNp1+k08WiAoIZL5stej95s6m2EBzNVc5Z6lVlHRGwHwobpOsvLJRpOs J2rs2tnm5Ocn6idiXJIKFopAa9YNFkItYg+2v2GsSukjZrcv/4+zo4c35E/aGgV8+HlJ ZRLQ== X-Received: by 10.112.28.82 with SMTP id z18mr25173194lbg.18.1395253108456; Wed, 19 Mar 2014 11:18:28 -0700 (PDT) MIME-Version: 1.0 Sender: yohgaki@gmail.com Received: by 10.112.205.73 with HTTP; Wed, 19 Mar 2014 11:17:48 -0700 (PDT) In-Reply-To: References: Date: Thu, 20 Mar 2014 03:17:48 +0900 X-Google-Sender-Auth: MyKtQ4oRMI5oM0lRPlEHE2QljRk Message-ID: To: Andrey Andreev Cc: Ferenc Kovacs , "internals@lists.php.net" Content-Type: multipart/alternative; boundary=001a1133e8ece6c2ed04f4f9ad30 Subject: Re: [PHP-DEV] Solution for session_regenerate_id() issues From: yohgaki@ohgaki.net (Yasuo Ohgaki) --001a1133e8ece6c2ed04f4f9ad30 Content-Type: text/plain; charset=UTF-8 Hi Andrey, On Thu, Mar 20, 2014 at 12:22 AM, Andrey Andreev wrote: > On Wed, Mar 19, 2014 at 12:12 PM, Ferenc Kovacs wrote: > >> If you choose "security" bug type, it's hidden. > > > > > > nope, security bug type only makes it send the bug mail to > security@php.net, > > only private bugs are protected from public access. > > that is something really error-prone, so I remember some discussion about > > changing that, and making new security bugs to be private by default, but > > AFAIK we never implemented that. > > Actually, somebody did implement it. > Turned out the issue I wanted to report is solved though ... it was > the regression with use_strict_mode in 5.5.3 and for some unknown > reason, Ubuntu is sticking exactly to that version. > > On topic: I understand the gains, Yasuo. > But I completely disagree that it's mandatory or that it is PHP's job > at all. If I tell PHP to delete something, I expect it to do so, > immediately. https://wiki.php.net/rfc/session_regenerate_id If you read my RFC, you'll see anyone can do that with session_start(['regenerate_id_expire'=>0']); or ini_set('session.regenerate_id_expire', 0); Regards, -- Yasuo Ohgaki yohgaki@ohgaki.net --001a1133e8ece6c2ed04f4f9ad30--