Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:94703
Return-Path: <yohgaki@ohgaki.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 88705 invoked from network); 25 Jul 2016 09:50:42 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 25 Jul 2016 09:50:42 -0000
Authentication-Results: pb1.pair.com header.from=yohgaki@ohgaki.net; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=yohgaki@ohgaki.net; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain ohgaki.net designates 180.42.98.130 as permitted sender)
X-PHP-List-Original-Sender: yohgaki@ohgaki.net
X-Host-Fingerprint: 180.42.98.130 ns1.es-i.jp  
Received: from [180.42.98.130] ([180.42.98.130:39363] helo=es-i.jp)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id FE/54-61920-0F0E5975 for <internals@lists.php.net>; Mon, 25 Jul 2016 05:50:42 -0400
Received: (qmail 10196 invoked by uid 89); 25 Jul 2016 09:50:37 -0000
Received: from unknown (HELO mail-qk0-f178.google.com) (yohgaki@ohgaki.net@209.85.220.178)
  by 0 with ESMTPA; 25 Jul 2016 09:50:37 -0000
Received: by mail-qk0-f178.google.com with SMTP id p74so151032251qka.0
        for <internals@lists.php.net>; Mon, 25 Jul 2016 02:50:37 -0700 (PDT)
X-Gm-Message-State: AEkoouv0LxI/dmKjWncVXDDS+lctKL0DgEyWnKDHh0/T/8J16zKajab+UZdvscZzQioLNB5sU9jcXG7olEIbVw==
X-Received: by 10.55.131.198 with SMTP id f189mr21618216qkd.28.1469440230724;
 Mon, 25 Jul 2016 02:50:30 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.140.85.242 with HTTP; Mon, 25 Jul 2016 02:49:51 -0700 (PDT)
Date: Mon, 25 Jul 2016 18:49:51 +0900
X-Gmail-Original-Message-ID: <CAGa2bXbzdzrG33o=d6dqfK0MQsAd9uuyEiHhHLQ0qo4_MuX_oQ@mail.gmail.com>
Message-ID: <CAGa2bXbzdzrG33o=d6dqfK0MQsAd9uuyEiHhHLQ0qo4_MuX_oQ@mail.gmail.com>
To: "internals@lists.php.net" <internals@lists.php.net>
Content-Type: text/plain; charset=UTF-8
Subject: [RFC][VOTE] Session ID without hashing - Vote reopened and restarted
From: yohgaki@ohgaki.net (Yasuo Ohgaki)

Hi all,

Due to defects in the RFC, vote is reopened and restarted.
Followings are changes from 1st vote.

 - Removed session.use_strict_mode change
   (Changed when vote reopened)
 - Added INI default vote options, incompatible and compatible.
   (Changed when 2nd vote is restarted)
 - Extended vote period for 2 days.

These who are voted already have to **VOTE AGAIN**.
Sorry for the inconvenience and confusion!

============

Currently session module uses obsolete MD5 for session ID. With
CSPRNG, hashing is redundant and needless. It adds hash module
dependency and inefficient.

This proposal cleans up session code by removing hash.

https://wiki.php.net/rfc/session-id-without-hashing

I set vote requires 2/3 support.
Please describe the reason why when you against this RFC. Reasons are
important for improvements!

Vote ends 2016/08/02 23:59:59 UTC.

Thank you for voting!

--
Yasuo Ohgaki
yohgaki@ohgaki.net