Hi all,
On Fri, Apr 4, 2014 at 6:14 PM, Yasuo Ohgaki <[email protected]> wrote:
> Sure.
> These are simple changes for better session security.
> I have to update the RFC so that everyone understands the side effects of
> these changes.
>
> hash_bits_per_characters may stay the same and an additional char to
> the files save handler could be added simply.
> I'll update the RFC this weekend, hopefully.
>
I updated the RFC. Sorry, it took so long.
I modified the RFC so that it only proposes INI value changes.
i.e., removed the behavior modifications "hash function fall back" and
"session ID collision detection in session module rather than save handler".
https://wiki.php.net/rfc/secure-session-options-by-default
Which version should include these?
Any comments?
--
Yasuo Ohgaki
[email protected]