Newsgroups: php.internals
Date: Sun, 20 Dec 2015 22:24:24 -0600
From: pencap@gmail.com (Mike Willbanks)
To: Yasuo Ohgaki
Cc: "internals@lists.php.net"
Subject: Re: [PHP-DEV] Re: [RFC Discussion] Precise Session Management

Hello Yasuo,

On Sun, Dec 20, 2015 at 7:01 PM, Yasuo Ohgaki wrote:

> Hi all,
>
> On Sat, Dec 19, 2015 at 7:33 AM, Yasuo Ohgaki wrote:
> > I would like to restart better session management for PHP 7.1.
> >
> > https://wiki.php.net/rfc/precise_session_management
> >
> > Although this RFC targets PHP 7.1, new session management
> > could be applied to older releases also if majority of us agree.
> > Please comment.
>
> I would like to write patch for this next week.
> If you have comment, please comment this week.
>

This week is hard due to several holidays, I would recommend postponing discussion until after. However, I will comment on a few things that I dislike of the RFC:

Exposing the internal state of the session via a key on the session __SESSION_INTERNAL__ may be dangerous. How are you preventing writes to this area? Is an exception or error thrown? I also do not feel that it is worth encoding this directly into the session value but would be of far greater benefit to expose through functions and ensure it is not touched and protected from user land. Anything that messes with the $_SESSION can cause major issues (for instance upload progress did this and can cause session corruption in certain cases as it manipulates the session state).

I fully agree that session_regenerate_id needs some additional work. Although, I do not think that the implementation here seems like the correct path as a general comment.

>
> Regards,
>
> --
> Yasuo Ohgaki
> yohgaki@ohgaki.net