Re: [VOTE] Introduce session.lock, session.lazy_write and session.lazy_destory

From:	Yasuo Ohgaki	Date:	Mon, 20 Jan 2014 12:07:07 +0000
Subject:	Re: [VOTE] Introduce session.lock, session.lazy_write and session.lazy_destory
References:	1 2 3 4 5 6 7 8 9 10	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message

Hi Stas,

On Mon, Jan 20, 2014 at 7:30 PM, Yasuo Ohgaki <[email protected]> wrote:

> On Mon, Jan 20, 2014 at 6:17 PM, Yasuo Ohgaki <[email protected]> wrote:
>
>> I'll send mail when I finish editing the RFC, please hold to vote.
>
>
> Before I re-open vote, I would like to ensure if the RFC has no
> issues to discuss.
>
> https://wiki.php.net/rfc/session-lock-ini
>
> Thank you for reviewing RFC!


I was forgetting whole point of having session.lazy_destroy.
This feature should be enabled by default to destroy old session
when session_regenerate_id() is called.

Regenerating session ID with reliable manner is mandatory for
better security. Therefore, I've changed RFC to enable session.lazy_destroy
by default. Default delay is matter to discuss, though.

Please refer to the referenced discussion in the RFC.
 http://marc.info/?l=php-internals&m=138242492914526&w=2

Regards,

--
Yasuo Ohgaki
[email protected]


   

Thread (42 messages)

• Yasuo OhgakiMon, 20 Jan 2014 00:37:51 +0000
  • Stas MalyshevMon, 20 Jan 2014 02:56:31 +0000
    • Yasuo OhgakiMon, 20 Jan 2014 04:27:03 +0000
      • Yasuo OhgakiMon, 20 Jan 2014 04:45:54 +0000
      • Stas MalyshevMon, 20 Jan 2014 05:04:53 +0000
        • Yasuo OhgakiMon, 20 Jan 2014 07:13:53 +0000
          • Stas MalyshevMon, 20 Jan 2014 07:35:33 +0000
            • Yasuo OhgakiMon, 20 Jan 2014 08:22:52 +0000
              • Stas MalyshevMon, 20 Jan 2014 08:50:30 +0000
                • Yasuo OhgakiMon, 20 Jan 2014 09:17:10 +0000
                  • Yasuo OhgakiMon, 20 Jan 2014 10:30:57 +0000
                    • Yasuo OhgakiMon, 20 Jan 2014 12:07:07 +0000
  • Bas van BeekMon, 20 Jan 2014 08:27:07 +0000
    • Yasuo OhgakiMon, 20 Jan 2014 08:36:29 +0000
    • Yasuo OhgakiMon, 20 Jan 2014 08:42:38 +0000
      • Johannes SchlüterMon, 20 Jan 2014 14:18:06 +0000
        • Yasuo OhgakiMon, 20 Jan 2014 23:06:25 +0000
          • Yasuo OhgakiTue, 21 Jan 2014 01:08:25 +0000
  • Yasuo OhgakiThu, 30 Jan 2014 00:29:50 +0000Re: [VOTE] Introduce session.lock, session.lazy_write and session.lazy_destory
    • Stas MalyshevThu, 30 Jan 2014 01:09:05 +0000
      • Yasuo OhgakiThu, 30 Jan 2014 03:01:39 +0000
        • Patrick SchaafThu, 30 Jan 2014 04:41:41 +0000Re: Re: [VOTE] Introduce session.lock, session.lazy_write and session.lazy_destory
          • Patrick SchaafThu, 30 Jan 2014 04:50:40 +0000
            • Patrick SchaafThu, 30 Jan 2014 06:37:35 +0000
              • Yasuo OhgakiThu, 30 Jan 2014 07:17:58 +0000
                • Patrick SchaafThu, 30 Jan 2014 07:30:35 +0000
                  • Yasuo OhgakiThu, 30 Jan 2014 07:39:28 +0000
                • Yasuo OhgakiThu, 30 Jan 2014 07:31:51 +0000
                • Patrick SchaafThu, 30 Jan 2014 07:39:21 +0000
              • Yasuo OhgakiSat, 01 Feb 2014 01:13:42 +0000
                • Patrick SchaafSat, 01 Feb 2014 08:52:04 +0000
          • Yasuo OhgakiThu, 30 Jan 2014 05:34:35 +0000
            • Patrick SchaafThu, 30 Jan 2014 05:44:41 +0000
              • Yasuo OhgakiThu, 30 Jan 2014 05:52:54 +0000
                • Sanford WhitemanThu, 30 Jan 2014 06:24:32 +0000
                • Pierre JoyeThu, 30 Jan 2014 06:28:29 +0000
                • Patrick SchaafThu, 30 Jan 2014 06:31:01 +0000
                  • Yasuo OhgakiThu, 30 Jan 2014 09:31:05 +0000
                    • Yasuo OhgakiSat, 01 Feb 2014 01:39:56 +0000
        • Stas MalyshevThu, 30 Jan 2014 07:16:59 +0000
          • Yasuo OhgakiThu, 30 Jan 2014 07:26:50 +0000
  • Yasuo OhgakiSat, 01 Feb 2014 22:54:31 +0000Re: [VOTE] Introduce session.lock, session.lazy_write and session.lazy_destory