Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:94377
Return-Path: <yohgaki@ohgaki.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 54560 invoked from network); 4 Jul 2016 22:40:14 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 4 Jul 2016 22:40:14 -0000
Authentication-Results: pb1.pair.com header.from=yohgaki@ohgaki.net; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=yohgaki@ohgaki.net; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain ohgaki.net designates 180.42.98.130 as permitted sender)
X-PHP-List-Original-Sender: yohgaki@ohgaki.net
X-Host-Fingerprint: 180.42.98.130 ns1.es-i.jp  
Received: from [180.42.98.130] ([180.42.98.130:55375] helo=es-i.jp)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 1E/E2-30328-BC5EA775 for <internals@lists.php.net>; Mon, 04 Jul 2016 18:40:12 -0400
Received: (qmail 39592 invoked by uid 89); 4 Jul 2016 22:40:08 -0000
Received: from unknown (HELO mail-qk0-f177.google.com) (yohgaki@ohgaki.net@209.85.220.177)
  by 0 with ESMTPA; 4 Jul 2016 22:40:08 -0000
Received: by mail-qk0-f177.google.com with SMTP id j2so221419171qkf.3
        for <internals@lists.php.net>; Mon, 04 Jul 2016 15:40:07 -0700 (PDT)
X-Gm-Message-State: ALyK8tK020+c7BufYN20SI/axuPwATtvjYt7KIuMNkC13W4/hQEDWNBRPihGXCkYJq3Z07ZmZCgXgVmVZYfU+w==
X-Received: by 10.55.77.4 with SMTP id a4mr18556767qkb.198.1467672000696; Mon,
 04 Jul 2016 15:40:00 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.140.17.33 with HTTP; Mon, 4 Jul 2016 15:39:20 -0700 (PDT)
Date: Tue, 5 Jul 2016 07:39:20 +0900
X-Gmail-Original-Message-ID: <CAGa2bXa8um-AFZgYFydm9s10D2XGUj6ARTWvJjwEsd+Lj=NwTw@mail.gmail.com>
Message-ID: <CAGa2bXa8um-AFZgYFydm9s10D2XGUj6ARTWvJjwEsd+Lj=NwTw@mail.gmail.com>
To: "internals@lists.php.net" <internals@lists.php.net>
Content-Type: text/plain; charset=UTF-8
Subject: [RFC][DISCUSSION] Enable session.use_strict_mode by default
From: yohgaki@ohgaki.net (Yasuo Ohgaki)

Hi all,

Enabling session.use_strict_mode is mandatory setting for secure
session management. This RFC proposes enabling session.use_strict_mode
by default.

https://wiki.php.net/rfc/session-use-strict-mode

I appreciate  any comments/improvements/corrections.

Thank you!

--
Yasuo Ohgaki
yohgaki@ohgaki.net