Hi Leigh, On Sat, Jul 2, 2016 at 5:39 PM, Leigh <lei...@gmail.com> wrote: > So I have a few issues that span the RFC and the implementation. > > Your RFC states > >> hardcoded default and php.ini-* default values are the same. > > This is not the case. > > Originally the session id length and character set were controlled by > session.hash_function and/or session.hash_bits_per_character. These > customisations to configuration will be lost when the user upgrades. You > have provided a mechanism to control length and charset, but it will require > new changes to the default settings. This needs to be noted as a breaking > change. > > Your default for session.sid_length is 48. Up to 7.1 the session id length > is 32. Your default for session.sid_bits_per_character is 5, up to 7.1 the > session id uses 4 bits per character. This is a breaking change. (Imagine > custom session handlers that validate session id character sets, or database > schemas that will truncate after 32 characters)
I'll update relevant part. > Your patch updates session.use_strict_mode from 0 to 1. I actually don't > know what this changes, but it's an undocumented change. This is unintentional. I'll remove this part. > Overall your patch looks very similar to the one I was working on earlier in > the year, although you appear to have deleted a bunch of tests that you > could have just updated. You should probably put those back, and update > them. It removes hashing, so irrelevant tests are simply removed. Thank you for point them out. I'll fix them now. Regards, -- Yasuo Ohgaki yohg...@ohgaki.net -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
