Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:90932 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 1659 invoked from network); 26 Jan 2016 08:15:56 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 26 Jan 2016 08:15:56 -0000 Authentication-Results: pb1.pair.com smtp.mail=smalyshev@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=smalyshev@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.192.169 as permitted sender) X-PHP-List-Original-Sender: smalyshev@gmail.com X-Host-Fingerprint: 209.85.192.169 mail-pf0-f169.google.com Received: from [209.85.192.169] ([209.85.192.169:32988] helo=mail-pf0-f169.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id FF/E2-10534-B3B27A65 for ; Tue, 26 Jan 2016 03:15:56 -0500 Received: by mail-pf0-f169.google.com with SMTP id e65so96237218pfe.0 for ; Tue, 26 Jan 2016 00:15:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-type:content-transfer-encoding; bh=gHTaFDxY0kFDIbO8EEaM/hHEi5p5Japg0qdOJlRNpu4=; b=MPPpdnuq+1ACr5ExW0/GwQI46ipnts2fBo8V+BrNzBevSM3X0I5CYowwoxOASK4AmR ylTer9qCc+ceHXdyfWq5fY+StHXkC5dY2zXAqJTwzuaXQ69DaDfz3tN8dLwBtiQv3g3H VKDHJUmtc6Q8jLD4E6h4Jvrs9ODIavC03ZU+Uyb7QFPRydWmPYiHFoQdHPOWGHCOhoBQ FRPCSMjDEQGIW9HswSQnNCgVTmZs4Ob2vnY50T5OeZ0kYOJxwm3SSYSmEMpNcjhk12PI 5LiNdIo9NhDrMhj34IHdVmt7EsdvqbYWavjhamp9vM7nJuxVEo7q3Sw0d6mW+V3XmQTm H4sQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-type :content-transfer-encoding; bh=gHTaFDxY0kFDIbO8EEaM/hHEi5p5Japg0qdOJlRNpu4=; b=SWILtg8VOw5Za7TiOBlYdSbcUMIvNG3hHhbLzBd2rbZUsgtExdLmY+TNGyahDJaYuL MSrlTnPi4DL8IGzc55O6hVWH0DYp+0LzqzpIJXoxM0wNf6Jue7trmZnEOGtJtbihMdrI DMuyW2shWFm+SDfwmWG6IyLm12Nv+mBHKSHAeuZCDYNqxCaeethPaIFxG+dczHnAZB5j jULcjF+6T8GLXTFAYpPn91F3D+VSwxSUeYpOnAvaNHye9qL0WISR4Tt0kDFzVmPboZ2L osonct55mFHjjy1x/gYHP6lX/piy3SPLMjLhs2jdFHAo21hFd4pXPwLOXyzlczhFadve 4scA== X-Gm-Message-State: AG10YOSM9Q53NxL9o5Vym/rvNzQ+rqjNb/XYFG8LcHMmGazMu75nPjvx+o+ZZnpdMkMvHw== X-Received: by 10.98.86.67 with SMTP id k64mr32612740pfb.50.1453796153134; Tue, 26 Jan 2016 00:15:53 -0800 (PST) Received: from Stas-Air.local ([2602:304:cdc2:e5f0:c8d3:ee4:eeec:eefc]) by smtp.gmail.com with ESMTPSA id xv2sm356690pab.10.2016.01.26.00.15.52 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 26 Jan 2016 00:15:52 -0800 (PST) To: Yasuo Ohgaki , "internals@lists.php.net" References: X-Enigmail-Draft-Status: N1110 Message-ID: <56A72B36.5060307@gmail.com> Date: Tue, 26 Jan 2016 00:15:50 -0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:38.0) Gecko/20100101 Thunderbird/38.4.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Subject: Re: [PHP-DEV] Re: [RFC Discussion] Precise Session Management From: smalyshev@gmail.com (Stanislav Malyshev) Hi! > Since this RFC is about preciseness of session management, I would like to > change session_id() validates against default allowed chars as follows. > (As well as enabling already written session_create_id() function) > This patch is against the PR. I would strongly advise not to add more things into this RFC (see my other email). If you want to change which chars are allowed in session ID, fine, but let's discuss it in separate topic. However, I would proceed *very* carefully here, as there are apps that produce their own session IDs, and breaking them does not help anybody. About, since session_id() is a user function, what do we gain by limiting what it does? For session_create_id(), don't we already have SessionHandler::create_sid()? -- Stas Malyshev smalyshev@gmail.com