Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:94403 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 96735 invoked from network); 6 Jul 2016 16:16:31 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 6 Jul 2016 16:16:31 -0000 Authentication-Results: pb1.pair.com smtp.mail=leight@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=leight@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.215.52 as permitted sender) X-PHP-List-Original-Sender: leight@gmail.com X-Host-Fingerprint: 209.85.215.52 mail-lf0-f52.google.com Received: from [209.85.215.52] ([209.85.215.52:34613] helo=mail-lf0-f52.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 4D/11-18622-FDE2D775 for ; Wed, 06 Jul 2016 12:16:31 -0400 Received: by mail-lf0-f52.google.com with SMTP id h129so158075475lfh.1 for ; Wed, 06 Jul 2016 09:16:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=3y18DqkhpByTtNvrDTgjLrGmjYgWlKOe7CSXhVhKsoM=; b=nLkTarsTjLRoopIuUYVHCu6MgzU/ON0jtJIHeiBIzIdNkZ6+NO47CRJwcjIM0mc0Tv 98TJP0rOyWJnZ6+GbSuAyjJ2qod4PTrT2cRUJ0PpP5AXyFDWo4N0gbIadC+KLwi1QyZK Aj0bnGtt1GdAOiXdh/DWcFKzqIv0YVZtnxJ7fVjzX2W4uJTtnCyIXcg85cnZvIPPel5t g4WCYz1kosIwX8IRFsmZoKuYceVJLwyVqifciG6KglMH4N6s6AbuLNC2lG5mYmcNv/Se KRB4mQRwzBpe//oH2l5D9XnKKsURuM8p1HqadLyY/lVqpZe8HSfky+vXLmh5cgf6laQL 1iaw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=3y18DqkhpByTtNvrDTgjLrGmjYgWlKOe7CSXhVhKsoM=; b=BnVvhhUyDbAhIxJ05EsmlnvglpOMfhfHXJN/u+dQb7VhrA9mhimM2MMpFwUxA2P0i8 I7SYXjWrevvKZ1xkw4wBQKnfVkADS16a2QqJhGXm87gHOB8jTlLcG37GaSR1h9GcL51i uJvQ6JwjqVhMrUsgQliGFhcuiivhOcpyNkh0qA8r6wJ1Ln5s2sikUZd956Ap7i67I37g I2TKcdHM7mSrq6Mo3CsIwyG7D/OclhKI0/FwYUDQx0hU7yBz9upPj9JkAedn5TyxF6ua oGnNU9TrE0D/NCpDIYUnlWD6v59czPRNlBO+ANn4ExDuT2vdeM9KZs4acQASLWIlWgBb Ku/g== X-Gm-Message-State: ALyK8tJpGxlJ99GPV3Bv2MpWhV2lD/OmKADUwz7tF986+d7CcXpTtaL2toBQmlvkfi4iu24JwkZ/eB7EuBmJSQ== X-Received: by 10.25.21.165 with SMTP id 37mr4940035lfv.1.1467821788475; Wed, 06 Jul 2016 09:16:28 -0700 (PDT) MIME-Version: 1.0 References: <9e874892-d682-1c0d-77ad-21d5b44ce25b@gmx.de> In-Reply-To: <9e874892-d682-1c0d-77ad-21d5b44ce25b@gmx.de> Date: Wed, 06 Jul 2016 16:16:18 +0000 Message-ID: To: Christoph Becker , Yasuo Ohgaki Cc: PHP internals Content-Type: multipart/alternative; boundary=001a11407ec84bba520536f9e4a3 Subject: Re: [PHP-DEV] Re: [RFC][VOTE] Session ID without hashing From: leight@gmail.com (Leigh) --001a11407ec84bba520536f9e4a3 Content-Type: text/plain; charset=UTF-8 On Wed, 6 Jul 2016 at 13:10 Christoph Becker wrote: > > Yes, I am aware that the patch uses php_random_bytes(), but what happens > when it fails, in which case php_session_create_id() returns null[1]? > Would it be impossible to use a session in this case? > > [1] > < > https://github.com/php/php-src/pull/1850/files#diff-52eb9eb7f9d5d9125fbb1337a6541c06R315 > > > > -- > Christoph M. Becker > The FAILURE check here is redundant because it is using the _throw variant of random_bytes, which means an exception is thrown if there isn't a good source of random available. --001a11407ec84bba520536f9e4a3--