Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:91872 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 59989 invoked from network); 22 Mar 2016 20:03:09 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 22 Mar 2016 20:03:09 -0000 Authentication-Results: pb1.pair.com smtp.mail=narf@devilix.net; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=narf@devilix.net; sender-id=pass Received-SPF: pass (pb1.pair.com: domain devilix.net designates 209.85.218.51 as permitted sender) X-PHP-List-Original-Sender: narf@devilix.net X-Host-Fingerprint: 209.85.218.51 mail-oi0-f51.google.com Received: from [209.85.218.51] ([209.85.218.51:35755] helo=mail-oi0-f51.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 25/06-30596-AF4A1F65 for ; Tue, 22 Mar 2016 15:03:07 -0500 Received: by mail-oi0-f51.google.com with SMTP id w20so134621707oia.2 for ; Tue, 22 Mar 2016 13:03:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=devilix.net; s=google; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=ZQuHI2fIFGxNQyUcRPP/6YELt0+uDtD03ejTpYQUHXw=; b=f/HjSpeT0ZYMlmP8Ljp7HCIEFYLt8ixpNCprzO2DGyl3QSzLWQsn3BSrlEfCqdKLUD cZkVx8j9QQDsK24ePSBZAVZBiMuYWEFgu9lOsK1TEcuoitiQvEOXVXfx1r6Ta3E/sLpy T/h7rbjGkRZHpXFa9seVtDqVvjcHyOZuGZXIE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=ZQuHI2fIFGxNQyUcRPP/6YELt0+uDtD03ejTpYQUHXw=; b=Kh2uOfpo5nDKw3h5ej0jogZsZxjT3a5gww05e8sGcnopZJvIuCNAA8CwpP7xTeKD+N wzaRSBvQagXRS5bvDL+eVqHjBL3oNiydYNUYx7yq5/b0RGUvQSJIrN1sjOEGuFnfkShh Y2PP7bEslRkPIkeMC7gcTU01wh946BF6UCGUP8R2o4FKGZHTK+EFp4ko4Bdzc65CIGNL up2qcYjA+jRe3T7vvejl5v+lExdsN4VrEhdHy4mrlXNU9y+akiO5/JSCUULtLkgCcl5q lftG1xSaHJmr4a2D9j9MZIVm7+3Zho1VwWaTDlH80mL2RMTiJ6JOjXBwSFmcoZHu1dx9 IRMQ== X-Gm-Message-State: AD7BkJKrq+7PG6PDe04C+xnO+ju+uTeWdy1U4+SpTbevpiTE/em/Dn330nupPfzuqg239lWXo2Ebn+zCe12ivA== MIME-Version: 1.0 X-Received: by 10.157.45.231 with SMTP id g94mr4175882otb.149.1458676983533; Tue, 22 Mar 2016 13:03:03 -0700 (PDT) Received: by 10.202.175.74 with HTTP; Tue, 22 Mar 2016 13:03:03 -0700 (PDT) In-Reply-To: <56F1A28F.90000@pascal-martin.fr> References: <56F1A28F.90000@pascal-martin.fr> Date: Tue, 22 Mar 2016 22:03:03 +0200 Message-ID: To: "Pascal MARTIN, AFUP" Cc: "internals@lists.php.net" Content-Type: multipart/alternative; boundary=94eb2c0470ae722b68052ea8b37a Subject: Re: [PHP-DEV] [RFC][VOTE] Precise session management From: narf@devilix.net (Andrey Andreev) --94eb2c0470ae722b68052ea8b37a Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hi, On Tue, Mar 22, 2016 at 9:52 PM, Pascal MARTIN, AFUP < mailing@pascal-martin.fr> wrote: > Le 09/03/2016 10:14, Yasuo Ohgaki a =C3=A9crit : > >> Vote starts 2016-03-09-09:00(UTC) and ends 2016-03-23-09:00(UTC) >> https://wiki.php.net/rfc/precise_session_management#vote >> > > Hi, > > At AFUP, we would be +1 on this RFC. > > Basically: better security and pretty-much no bc-break, is a good thing. > > Thanks for your work on this! > I respect your opinion in wanting to support the proposal, but "pretty much no BC break"? The RFC itself lists 7 points under "Backwards Incompatible Changes" and there's at least one more in session_destroy() not deleting data immediately. It's also not hard to imagine a lot of BC breaks and other unadressed problems in custom handlers passed to session_set_save_handler(). Cheers, Andrey. --94eb2c0470ae722b68052ea8b37a--