Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:81226 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 55575 invoked from network); 27 Jan 2015 10:55:13 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 27 Jan 2015 10:55:13 -0000 Authentication-Results: pb1.pair.com smtp.mail=yohgaki@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=yohgaki@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.216.41 as permitted sender) X-PHP-List-Original-Sender: yohgaki@gmail.com X-Host-Fingerprint: 209.85.216.41 mail-qa0-f41.google.com Received: from [209.85.216.41] ([209.85.216.41:53725] helo=mail-qa0-f41.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 36/97-18778-F8E67C45 for ; Tue, 27 Jan 2015 05:55:12 -0500 Received: by mail-qa0-f41.google.com with SMTP id bm13so10830094qab.0 for ; Tue, 27 Jan 2015 02:55:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=NgIcx1ssd79rI8jdcHz+yELuoILLxA46zvL2+rWUJSs=; b=Jrgqut4pLo/kFdR7G8rXxnpSOj8dcE3EMTghOBwMge+VRFXHtft63Vbyu3vM8M+1C1 FbtdK0tEnEqypLmoBGp9UNE82WqNlzbur6VW3C8NO+LXZVJfOX6gUhzMDDsWwrtA34Qo eJ9FJv1TvwPKoW9HnX4e9WgSmZE7fhtKJAD0DXOYMKf8X5r5Bh2xFdTprfbjLxFIHChf STvz//HE220c4KmuGux1z69a1vKY1GMo3m0jjq1d8FHNNVBQoowrNl3AXk+pPVGMvfzv Tc0CCGm/R774DEKIzq6WHZbILRTTxC7/gubHCONDHFA0/yxPRtYxzfeflD3yc4cG8hNX Lsfw== X-Received: by 10.140.20.226 with SMTP id 89mr786986qgj.43.1422356108606; Tue, 27 Jan 2015 02:55:08 -0800 (PST) MIME-Version: 1.0 Sender: yohgaki@gmail.com Received: by 10.229.93.70 with HTTP; Tue, 27 Jan 2015 02:54:28 -0800 (PST) In-Reply-To: References: Date: Tue, 27 Jan 2015 19:54:28 +0900 X-Google-Sender-Auth: d0lVCFvrsbbyDJjJZO67BLFsppo Message-ID: To: Ferenc Kovacs Cc: "internals@lists.php.net" Content-Type: multipart/alternative; boundary=001a11c1257e990388050da016bb Subject: Re: [PHP-DEV] Re: Discussion for RFC: Set appropriate/better defaults. From: yohgaki@ohgaki.net (Yasuo Ohgaki) --001a11c1257e990388050da016bb Content-Type: text/plain; charset=UTF-8 Hi Ferenc, On Tue, Jan 27, 2015 at 6:44 PM, Ferenc Kovacs wrote: > On Tue, Jan 27, 2015 at 3:35 AM, Yasuo Ohgaki wrote: > >> Hi all, >> >> On Tue, Jan 27, 2015 at 11:06 AM, Yasuo Ohgaki >> wrote: >> >> > - session.hash_function=1 : Use SHA1 rather than MD5 >> >> >> I realized that we should remove hashing for better performance. >> >> Since session ID is generated from crypt secure RNG (/dev/urandom by >> default), >> simply converting the data into text is enough. Hashing is _slow_. >> >> Any comments? >> > > on the contrary, both sha1 and md5 is super fast, so I don't think that is > a good argument. > and if you remove the hashing there will be no known length for the > session id, and sooner or later people will screw themselves when bumping > into some limit or getting their session id truncated (be that a cookie max > length or a db field). > MD5 and SHA1 is reasonably fast. However, when I implemented session.lazy_write I found hashing is spoiling performance with simple script benchmark. A lot of session IDs may be generated with browsers that do not support/enable cookie. Many sites can ignore the overhead, but busy sites get benefits from raw session ID. It may be small, but it uses less CPU cycle for sure. We may set long enough fixed length ID with raw session ID. Regards, -- Yasuo Ohgaki yohgaki@ohgaki.net --001a11c1257e990388050da016bb--