Re: Session Id Collisions

From:	Yasuo Ohgaki	Date:	Sat, 25 Aug 2012 22:02:29 +0000
Subject:	Re: Session Id Collisions
References:	1 2 3 4 5 6	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message

2012/8/26 Ferenc Kovacs <[email protected]>:
>
>
> On Sat, Aug 25, 2012 at 4:47 AM, Yasuo Ohgaki <[email protected]> wrote:
>>
>> Hi,
>>
>> I was willing to add collision detection to session module
>> after session adoption patch is merged.
>>
>> What's the status of session adoption patch?
>> I've created patches for all 3 versions and I think Stats
>> is going to merge it to master and PHP 5.4.
>>
>
> Please don't top post.
> What is this session adoption patch?
> Is it (part of) the Strict session rfc/patch from you?

Yes.
Strict session patch reject uninitialized session ID, thus it
prevents session adoption/fixation.

I know session ID collision will not happen most likely, but
there are few people who worries collision. We can check
session ID collision when it is generated.

It's easy patch, but I didn't include the patch to focus on
adoption.

Regards,

--
Yasuo Ohgaki
[email protected]


   

Thread (37 messages)

• Raymond IrvingThu, 23 Aug 2012 04:48:12 +0000
  • Rasmus LerdorfThu, 23 Aug 2012 15:03:32 +0000
    • Raymond IrvingThu, 23 Aug 2012 15:26:14 +0000
      • Sherif RamadanThu, 23 Aug 2012 15:53:28 +0000
        • Yasuo OhgakiSat, 25 Aug 2012 02:47:16 +0000
          • Ferenc KovacsSat, 25 Aug 2012 16:40:05 +0000
            • Yasuo OhgakiSat, 25 Aug 2012 22:02:29 +0000
              • Stas MalyshevSun, 26 Aug 2012 08:57:30 +0000
                • Yasuo OhgakiSun, 26 Aug 2012 20:49:20 +0000
          • Stas MalyshevSun, 26 Aug 2012 07:37:45 +0000
            • Yasuo OhgakiSun, 26 Aug 2012 20:55:40 +0000
              • Stas MalyshevSun, 26 Aug 2012 21:30:29 +0000
                • Yasuo OhgakiSun, 26 Aug 2012 21:33:25 +0000
              • Yasuo OhgakiSun, 26 Aug 2012 21:31:25 +0000
                • Stas MalyshevSun, 26 Aug 2012 21:35:06 +0000
                  • Yasuo OhgakiSun, 26 Aug 2012 21:36:52 +0000
                    • Yasuo OhgakiMon, 24 Dec 2012 06:32:17 +0000
                      • Yasuo OhgakiThu, 27 Jun 2013 00:36:24 +0000
                        • Arpad RayThu, 27 Jun 2013 09:02:53 +0000
                          • Yasuo OhgakiThu, 27 Jun 2013 10:51:42 +0000
                        • Stas MalyshevMon, 05 Aug 2013 00:15:43 +0000
                          • Stas MalyshevMon, 05 Aug 2013 00:45:30 +0000
                            • Yasuo OhgakiMon, 05 Aug 2013 01:01:31 +0000
                              • Arpad RayMon, 05 Aug 2013 09:22:45 +0000
                                • Yasuo OhgakiMon, 05 Aug 2013 09:50:16 +0000
                                  • Arpad RayMon, 05 Aug 2013 10:05:15 +0000
                                    • Yasuo OhgakiMon, 05 Aug 2013 10:10:14 +0000
                                      • Arpad RayMon, 05 Aug 2013 10:26:58 +0000
                                        • Yasuo OhgakiMon, 05 Aug 2013 10:38:42 +0000
                                          • Arpad RayMon, 05 Aug 2013 16:04:53 +0000
                                            • Yasuo OhgakiMon, 05 Aug 2013 18:46:51 +0000
                                              • Arpad RayMon, 05 Aug 2013 19:17:10 +0000
                                                • Stas MalyshevMon, 05 Aug 2013 19:23:33 +0000
                                                  • Arpad RayMon, 05 Aug 2013 19:33:35 +0000
                                                    • Yasuo OhgakiMon, 05 Aug 2013 19:57:40 +0000
                                                • Yasuo OhgakiMon, 05 Aug 2013 19:41:29 +0000
                      • Stas MalyshevFri, 28 Jun 2013 21:06:59 +0000