Hi all, Currently session module uses obsolete MD5 for session ID. With CSPRNG, hashing is redundant and needless. It adds hash module dependency and inefficient (There is no reason to use hash for CSPRNG generated bytes).
This proposal cleans up session code by removing hash. https://wiki.php.net/rfc/session-id-without-hashing I set vote requires 2/3 support. Please describe the reason why when you against this RFC. Reasons are important for improvements! Thank you! -- Yasuo Ohgaki yohg...@ohgaki.net -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
