Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:94996
Return-Path: <yohgaki@ohgaki.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 86437 invoked from network); 10 Aug 2016 10:18:45 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 10 Aug 2016 10:18:45 -0000
Authentication-Results: pb1.pair.com header.from=yohgaki@ohgaki.net; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=yohgaki@ohgaki.net; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain ohgaki.net designates 180.42.98.130 as permitted sender)
X-PHP-List-Original-Sender: yohgaki@ohgaki.net
X-Host-Fingerprint: 180.42.98.130 ns1.es-i.jp  
Received: from [180.42.98.130] ([180.42.98.130:49741] helo=es-i.jp)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 7C/92-08042-18FFAA75 for <internals@lists.php.net>; Wed, 10 Aug 2016 06:18:43 -0400
Received: (qmail 83749 invoked by uid 89); 10 Aug 2016 10:18:38 -0000
Received: from unknown (HELO mail-qk0-f180.google.com) (yohgaki@ohgaki.net@209.85.220.180)
  by 0 with ESMTPA; 10 Aug 2016 10:18:38 -0000
Received: by mail-qk0-f180.google.com with SMTP id l2so38485124qkf.3
        for <internals@lists.php.net>; Wed, 10 Aug 2016 03:18:38 -0700 (PDT)
X-Gm-Message-State: AEkoousCE68oCkRSjmjaF+qJhIIdhctB2pVxfRr9IUF/swAxXJUgKMHmjx2oBP5H4rx+SA8drVoeQ13M8yHJkg==
X-Received: by 10.55.137.70 with SMTP id l67mr3227515qkd.132.1470824313173;
 Wed, 10 Aug 2016 03:18:33 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.140.85.242 with HTTP; Wed, 10 Aug 2016 03:17:52 -0700 (PDT)
In-Reply-To: <CAGa2bXZ9YeogdMMFKHa5iWQKcbe_0FrUAbE-pkanf5qKNx06bA@mail.gmail.com>
References: <CAGa2bXaZhfXbU6N0-JGVPzkkxRdkcjEhkHP+YrQNH=XFX714-Q@mail.gmail.com>
 <CADyq6sKE87hjt63fSUCpucGRNZendwv-WKyhA=75Yo7mbuT7rw@mail.gmail.com> <CAGa2bXZ9YeogdMMFKHa5iWQKcbe_0FrUAbE-pkanf5qKNx06bA@mail.gmail.com>
Date: Wed, 10 Aug 2016 19:17:52 +0900
X-Gmail-Original-Message-ID: <CAGa2bXaahx8bzbds7XpTLBo7XcdjfBmMWL=f3va6-ysX4fAf_Q@mail.gmail.com>
Message-ID: <CAGa2bXaahx8bzbds7XpTLBo7XcdjfBmMWL=f3va6-ysX4fAf_Q@mail.gmail.com>
To: Marco Pivetta <ocramius@gmail.com>
Cc: "internals@lists.php.net" <internals@lists.php.net>
Content-Type: text/plain; charset=UTF-8
Subject: Re: [PHP-DEV] [RFC][VOTE] Add session_create_id() function
From: yohgaki@ohgaki.net (Yasuo Ohgaki)

Hi all,

On Wed, Aug 10, 2016 at 7:03 PM, Yasuo Ohgaki <yohgaki@ohgaki.net> wrote:
> It requires a lot less user code
>
> session_rengenerate_id('myprefix-');
>
> yet it is safe.

I forgot to mention important requirement.
It is safe when 'session.use_strict_mode=1'.

Unfortunately, RFC for enabling use_strict_mode by default
https://wiki.php.net/rfc/session-use-strict-mode
is declined.

--
Yasuo Ohgaki
yohgaki@ohgaki.net