Re: Session Id Collisions

From:	Yasuo Ohgaki	Date:	Mon, 05 Aug 2013 10:10:14 +0000
Subject:	Re: Session Id Collisions
References:	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message

Hi Arpad,

On Mon, Aug 5, 2013 at 7:05 PM, Arpad Ray <[email protected]> wrote:

> I'm not against the idea in principle but still think having a security
> feature which just quietly fails if you're not using one of two modified
> handlers is really not good.
>
> I also think there's no great rush to add this, because as you say, it can
> be protected against in userland too.
>
> I would much rather have a robust, clean solution even if we have to wait
> until php.next for it.
>

As I wrote, we already had long discussion a year ago and decided to
include maintained branches.

This issue should be fixed 8 years ago. It's already too late to adopt IMHO.

If you would like to know the details of risks, please refer to the RFC.

Regards,

--
Yasuo Ohgaki
[email protected]


   

Thread (37 messages)

• Raymond IrvingThu, 23 Aug 2012 04:48:12 +0000
  • Rasmus LerdorfThu, 23 Aug 2012 15:03:32 +0000
    • Raymond IrvingThu, 23 Aug 2012 15:26:14 +0000
      • Sherif RamadanThu, 23 Aug 2012 15:53:28 +0000
        • Yasuo OhgakiSat, 25 Aug 2012 02:47:16 +0000
          • Ferenc KovacsSat, 25 Aug 2012 16:40:05 +0000
            • Yasuo OhgakiSat, 25 Aug 2012 22:02:29 +0000
              • Stas MalyshevSun, 26 Aug 2012 08:57:30 +0000
                • Yasuo OhgakiSun, 26 Aug 2012 20:49:20 +0000
          • Stas MalyshevSun, 26 Aug 2012 07:37:45 +0000
            • Yasuo OhgakiSun, 26 Aug 2012 20:55:40 +0000
              • Stas MalyshevSun, 26 Aug 2012 21:30:29 +0000
                • Yasuo OhgakiSun, 26 Aug 2012 21:33:25 +0000
              • Yasuo OhgakiSun, 26 Aug 2012 21:31:25 +0000
                • Stas MalyshevSun, 26 Aug 2012 21:35:06 +0000
                  • Yasuo OhgakiSun, 26 Aug 2012 21:36:52 +0000
                    • Yasuo OhgakiMon, 24 Dec 2012 06:32:17 +0000
                      • Yasuo OhgakiThu, 27 Jun 2013 00:36:24 +0000
                        • Arpad RayThu, 27 Jun 2013 09:02:53 +0000
                          • Yasuo OhgakiThu, 27 Jun 2013 10:51:42 +0000
                        • Stas MalyshevMon, 05 Aug 2013 00:15:43 +0000
                          • Stas MalyshevMon, 05 Aug 2013 00:45:30 +0000
                            • Yasuo OhgakiMon, 05 Aug 2013 01:01:31 +0000
                              • Arpad RayMon, 05 Aug 2013 09:22:45 +0000
                                • Yasuo OhgakiMon, 05 Aug 2013 09:50:16 +0000
                                  • Arpad RayMon, 05 Aug 2013 10:05:15 +0000
                                    • Yasuo OhgakiMon, 05 Aug 2013 10:10:14 +0000
                                      • Arpad RayMon, 05 Aug 2013 10:26:58 +0000
                                        • Yasuo OhgakiMon, 05 Aug 2013 10:38:42 +0000
                                          • Arpad RayMon, 05 Aug 2013 16:04:53 +0000
                                            • Yasuo OhgakiMon, 05 Aug 2013 18:46:51 +0000
                                              • Arpad RayMon, 05 Aug 2013 19:17:10 +0000
                                                • Stas MalyshevMon, 05 Aug 2013 19:23:33 +0000
                                                  • Arpad RayMon, 05 Aug 2013 19:33:35 +0000
                                                    • Yasuo OhgakiMon, 05 Aug 2013 19:57:40 +0000
                                                • Yasuo OhgakiMon, 05 Aug 2013 19:41:29 +0000
                      • Stas MalyshevFri, 28 Jun 2013 21:06:59 +0000