Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:90256
Return-Path: <danack@basereality.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 17363 invoked from network); 7 Jan 2016 15:54:20 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 7 Jan 2016 15:54:20 -0000
Authentication-Results: pb1.pair.com header.from=danack@basereality.com; sender-id=unknown
Authentication-Results: pb1.pair.com smtp.mail=danack@basereality.com; spf=permerror; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain basereality.com from 209.85.220.182 cause and error)
X-PHP-List-Original-Sender: danack@basereality.com
X-Host-Fingerprint: 209.85.220.182 mail-qk0-f182.google.com  
Received: from [209.85.220.182] ([209.85.220.182:34120] helo=mail-qk0-f182.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 54/81-09042-B2A8E865 for <internals@lists.php.net>; Thu, 07 Jan 2016 10:54:19 -0500
Received: by mail-qk0-f182.google.com with SMTP id h11so42721663qke.1
        for <internals@lists.php.net>; Thu, 07 Jan 2016 07:54:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=basereality-com.20150623.gappssmtp.com; s=20150623;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=XSg/P2qre8zV8HTWPCYYYbpI9I6t3oo8zkw5lVg7vsI=;
        b=xQzOA977HN35Z09UTppOawTIJvs0X93iwjXU8j0D4IL1fXhr0PdH07qPyCMRG1JSJY
         sBVSIlk11krG9ITscBA70iQnY1GNRycdz8mH4PpTnVFPJ09MwyUMlHiy7XnvVxlzcUJi
         C51w+I5uyO4AvNWoBS4qJxj+VEaNa9/ya1Ff0cxCXWHqiVrpu70eHSgxZ83ZnN1RfGLS
         RAKiC4NmNbS5FlGAw2mV6aoXNHcrt+vIIUQc6CWIKp2CtQDZwDlubO/EYn6wwkbr0OBq
         XAxqwRFZkNJ18SB41W0V/f6fyX96i0Ml8RELfBxk3HTQRQOuv2MramP7AbF+UQv4P4q5
         YXaA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:in-reply-to:references:date
         :message-id:subject:from:to:cc:content-type;
        bh=XSg/P2qre8zV8HTWPCYYYbpI9I6t3oo8zkw5lVg7vsI=;
        b=hW5eAh+WTIQV0wGsGRSgjKntDAqXdTGjRvBbcAzthYsEopwt8g2QEbdbmtkGAJ1CHu
         F/GTc41XG78I6hhA4Zq5H6+6e4qGbUF0Q38C8A3S/W6tJbsoyRL5zKsw8ElZJoCIw08D
         +zW45RyvI7Sz4QCKRwu4ZEXPUv6IcadOJOsruVxfdoLVhew77kYI7dloIIPcbZWJikbY
         rlLS+x0rn+wyt4itq7LnuztvzBRf+l8A59682DsAG47CmlT4O0p/agKZhVtSg84201ss
         seBYUAMA/UqCAzLRyHIs8dj/vgvM9Dz/mTuY5Mfs7Wrm9rUYSyEWMXVRbpRspLQuvtop
         VDJg==
X-Gm-Message-State: ALoCoQmvq+fBZIRUQw1o1gZdtnCg4te0nUrWISeG3F9ues8CCqCTXqGk2g8IldbFiE+3ewVHoLaeLdZqXCigJ/nJtAMFi2oqcg==
MIME-Version: 1.0
X-Received: by 10.129.135.7 with SMTP id x7mr75745258ywf.95.1452182056683;
 Thu, 07 Jan 2016 07:54:16 -0800 (PST)
Received: by 10.37.83.131 with HTTP; Thu, 7 Jan 2016 07:54:16 -0800 (PST)
X-Originating-IP: [2.99.233.57]
In-Reply-To: <CAGa2bXbWgdnmz2g4OWCxLb=TdeqyiajNm9Q7HX96FKQq8tqqtw@mail.gmail.com>
References: <CAGa2bXbg_kebBVg3tSh4uFHZ6nQXRbjUXNQa0JZx9sezQqb5kg@mail.gmail.com>
	<CAGa2bXbWgdnmz2g4OWCxLb=TdeqyiajNm9Q7HX96FKQq8tqqtw@mail.gmail.com>
Date: Thu, 7 Jan 2016 15:54:16 +0000
Message-ID: <CA+kxMuTuZ7ThA1R-OVV0O=jEQ0u8Ka5jjWdwY8OB-zQpBHL1XA@mail.gmail.com>
To: Yasuo Ohgaki <yohgaki@ohgaki.net>
Cc: "internals@lists.php.net" <internals@lists.php.net>
Content-Type: text/plain; charset=UTF-8
Subject: Re: [PHP-DEV] Re: [RFC Discussion] Precise Session Management
From: danack@basereality.com (Dan Ackroyd)

Hi Yasuo,

I find it hard to give feedback on this RFC as I cannot understand
what it is saying.

In an RFC, defining behaviour just through example like this:

> Obsolete session data has NEW_SID and TTL upto session.ttl_destroy.
>
>   $_SESSION['__PHP_SESSION__']['NEW_SID'] = <new session ID>;
>   $_SESSION['__PHP_SESSION__']['TTL'] = time() + ini_get('session.ttl_destroy');

doesn't communicate clearly what the behaviour is going to be. There
needs to be a clear description of what is going to happen.

The only feedback I can give is that I think complex session behaviour
need to be managed through objects or functions which can be tested
inside an application. Adding complex behaviour that happens just when
certain elements of a global array is set, is not the right way to add
more complexity to the session management.

My personal belief is that if people want to have more complex session
management, they should do so in userland code. If we do want more
advanced session in core, it should be done as a new extension; one
that doesn't use any ini settings at all...

btw this appears to be a list of the RFCs you currently have open.

https://wiki.php.net/rfc/allow_url_include
https://wiki.php.net/rfc/consistent-names
https://wiki.php.net/rfc/consistent_function_names
https://wiki.php.net/rfc/dbc2
https://wiki.php.net/rfc/deprecate_ini_set_get_aliases
https://wiki.php.net/rfc/escaper
https://wiki.php.net/rfc/introduce_design_by_contract
https://wiki.php.net/rfc/inconsistent-behaviors
https://wiki.php.net/rfc/introduce-type-affinity
https://wiki.php.net/rfc/precise_float_value
https://wiki.php.net/rfc/script_only_include
https://wiki.php.net/rfc/secure-session-options-by-default
https://wiki.php.net/rfc/session-gc

Perhaps spending more time polishing one or two ideas would lead to a
better result than spreading your efforts thinly across many ideas?

cheers
Dan