Hi, On Tue, Mar 22, 2016 at 9:52 PM, Pascal MARTIN, AFUP < mail...@pascal-martin.fr> wrote:
> Le 09/03/2016 10:14, Yasuo Ohgaki a écrit : > >> Vote starts 2016-03-09-09:00(UTC) and ends 2016-03-23-09:00(UTC) >> https://wiki.php.net/rfc/precise_session_management#vote >> > > Hi, > > At AFUP, we would be +1 on this RFC. > > Basically: better security and pretty-much no bc-break, is a good thing. > > Thanks for your work on this! > I respect your opinion in wanting to support the proposal, but "pretty much no BC break"? The RFC itself lists 7 points under "Backwards Incompatible Changes" and there's at least one more in session_destroy() not deleting data immediately. It's also not hard to imagine a lot of BC breaks and other unadressed problems in custom handlers passed to session_set_save_handler(). Cheers, Andrey.
