Newsgroups: php.internals
Date: Mon, 26 Sep 2016 07:44:35 +0900
To: Thomas Bley
Cc: "internals@lists.php.net"
Subject: Re: [PHP-DEV] Fixing halfway implemented session management - timestamp based session management OR remove
 session_regenerate_id()
From: yohgaki@ohgaki.net (Yasuo Ohgaki)

Hi Thomas,

On Mon, Sep 26, 2016 at 6:40 AM, Thomas Bley wrote:
> why not have a new session module? those who want no change for existing applications keep the old one, new projects can use the new one, those who want more security port their code to the new one. e.g. use session2_start(), etc.

If the basic session module design had problems, I would write a new one.
However, the design is not the problem; the implementation is just not finished yet.

There wouldn't be much BC with timestamp. In fact, almost all apps will work without any problems with timestamped session management.

I would rather deprecate/remove session_regenerate_id() if timestamped session management will not be implemented.

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net