Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:94823 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 83923 invoked from network); 4 Aug 2016 08:12:02 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 4 Aug 2016 08:12:02 -0000 Authentication-Results: pb1.pair.com smtp.mail=yohgaki@ohgaki.net; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=yohgaki@ohgaki.net; sender-id=pass Received-SPF: pass (pb1.pair.com: domain ohgaki.net designates 180.42.98.130 as permitted sender) X-PHP-List-Original-Sender: yohgaki@ohgaki.net X-Host-Fingerprint: 180.42.98.130 ns1.es-i.jp Received: from [180.42.98.130] ([180.42.98.130:37959] helo=es-i.jp) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 43/A3-53111-FC8F2A75 for ; Thu, 04 Aug 2016 04:12:01 -0400 Received: (qmail 55973 invoked by uid 89); 4 Aug 2016 08:11:55 -0000 Received: from unknown (HELO mail-qk0-f180.google.com) (yohgaki@ohgaki.net@209.85.220.180) by 0 with ESMTPA; 4 Aug 2016 08:11:55 -0000 Received: by mail-qk0-f180.google.com with SMTP id p186so99172562qkd.1 for ; Thu, 04 Aug 2016 01:11:54 -0700 (PDT) X-Gm-Message-State: AEkoouvaQA301Vi7i85c1fWQT2LWuDMtV+cfQXYmSJbz0i8fDgQRH378G9CxeqDPmWdjl7YQITzEUqdp8eN8vw== X-Received: by 10.55.95.195 with SMTP id t186mr4465743qkb.96.1470298308905; Thu, 04 Aug 2016 01:11:48 -0700 (PDT) MIME-Version: 1.0 Received: by 10.140.85.242 with HTTP; Thu, 4 Aug 2016 01:11:08 -0700 (PDT) In-Reply-To: References: Date: Thu, 4 Aug 2016 17:11:08 +0900 X-Gmail-Original-Message-ID: Message-ID: To: Davey Shafik Cc: "internals@lists.php.net" Content-Type: text/plain; charset=UTF-8 Subject: Re: [PHP-DEV] Re: [RFC][VOTE] Session ID without hashing - Vote reopened and restarted From: yohgaki@ohgaki.net (Yasuo Ohgaki) Hi all and Davey, On Wed, Aug 3, 2016 at 4:36 PM, Davey Shafik wrote: > > Unfortunately this missed beta2 (tagged yesterday), I'll confirm with Joe > about putting it in for 7.1beta3. > > Thanks for those last minute changes, I'm much happier with this result! :) I just realized, php.ini-development/production uses session.hash_func=0 session.hash_bits_per_character=5 (Compiled default is 4) The session ID will be ^[0-9a-v]{26}$ (length=26 chars) So I'll modify php.ini-* default to session.sid_length=26 session.sid_bit_per_character=5 This matches the current default session ID format used widely. Sorry for the confusions, but compatible should mean compatible with current default. Regards, P.S. Davery, should I push the patch to 7.1 and master branch, or you will? I don't mind pasting the patch for 7.1 branch to gist. -- Yasuo Ohgaki yohgaki@ohgaki.net