Re: [VOTE] Secure Session Module Options/Internal by Default

From:	Yasuo Ohgaki	Date:	Fri, 21 Feb 2014 00:15:13 +0000
Subject:	Re: [VOTE] Secure Session Module Options/Internal by Default
References:	1 2 3 4 5 6	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message

Hi Tjerk,

On Tue, Feb 18, 2014 at 8:58 PM, Tjerk Meesters <[email protected]>wrote:

> In that case, the RFC should be updated with the corresponding commit logs
> (part of the process) when it was merged with the project; this makes it
> easier to discuss historical commits based on it.


Thank you for point it out.
I'll update the RFC.  If document is not updated, I'll update it, too.

Regarding session_id() behavior, it could be made to accept user specified
session ID independent of "use_strict_mode". To accept user specified
session ID when "use_strict_mode=on", there should be an API that generates
secure session ID. Otherwise, user may create insecure ID and set it.

Any call for RFC, anyone? I'm willing to propose this.

--
Yasuo Ohgaki
[email protected]


   

Thread (9 messages)

• Yasuo OhgakiMon, 17 Feb 2014 04:27:16 +0000
  • Damien TournoudTue, 18 Feb 2014 10:38:33 +0000
    • Yasuo OhgakiTue, 18 Feb 2014 10:49:26 +0000
      • Tjerk MeestersTue, 18 Feb 2014 10:56:14 +0000
        • Yasuo OhgakiTue, 18 Feb 2014 11:09:52 +0000
          • Tjerk MeestersTue, 18 Feb 2014 11:58:58 +0000
            • Yasuo OhgakiFri, 21 Feb 2014 00:15:13 +0000
  • Zeev SuraskiTue, 18 Feb 2014 11:46:05 +0000RE: [PHP-DEV] [VOTE] Secure Session Module Options/Internal by Default
    • Yasuo OhgakiTue, 18 Feb 2014 11:57:23 +0000Re: [VOTE] Secure Session Module Options/Internal by Default