Newsgroups: php.internals
Date: Sun, 25 Sep 2016 17:12:50 -0500
Subject: Re: [PHP-DEV] Fixing halfway implemented session management - timestamp based session management OR remove session_regenerate_id()
From: pmjones88@gmail.com (Paul Jones)
To: Thomas Bley
Cc: internals@lists.php.net, yohgaki@ohgaki.net
Message-ID: <4FE8FD9E-3F86-4DFA-B201-F178F7FA143E@gmail.com>
In-Reply-To: <20160925214039.E4C4E1A84473@dd1730.kasserver.com>

> On Sep 25, 2016, at 16:40, Thomas Bley wrote:
>
> why not have a new session module? those who want no change for existing applications keep the old one, new projects can use the new one, those who want more security port their code to the new one. e.g. use session2_start(), etc.

If that's going to be the approach (and I find it appealing) then perhaps there should be other things accomplished as part of the new work; e.g., disable the automatic sending of cookie headers and make it explicit.
Or wrap all the features in objects. (I don't want to volunteer anyone else for more work, though, and I myself am not competent to implement those ideas.)

-- 
Paul M. Jones
http://paul-m-jones.com