Hi Pierre,

On Sun, Jul 3, 2016 at 2:16 PM, Pierre Joye <pierre....@gmail.com> wrote:
>
> On Jul 3, 2016 7:04 AM, "Yasuo Ohgaki" <yohg...@ohgaki.net> wrote:
>>
>> Hi Leigh,
>>
>> On Sat, Jul 2, 2016 at 5:39 PM, Leigh <lei...@gmail.com> wrote:
>> > So I have a few issues that span the RFC and the implementation.
>> >
>> > Your RFC states
>> >
>> >> hardcoded default and php.ini-* default values are the same.
>> >
>> > This is not the case.
>> >
>> > Originally the session id length and character set were controlled by
>> > session.hash_function and/or session.hash_bits_per_character. These
>> > customisations to configuration will be lost when the user upgrades. You
>> > have provided a mechanism to control length and charset, but it will
>> > require new changes to the default settings. This needs to be noted as a
>> > breaking change.
>> >
>> > Your default for session.sid_length is 48. Up to 7.1 the session id
>> > length is 32. Your default for session.sid_bits_per_character is 5, up
>> > to 7.1 the session id uses 4 bits per character. This is a breaking
>> > change. (Imagine custom session handlers that validate session id
>> > character sets, or database schemas that will truncate after 32
>> > characters)
>>
>> I'll update relevant part.
>>
>> > Your patch updates session.use_strict_mode from 0 to 1. I actually don't
>> > know what this changes, but it's an undocumented change.
>>
>> This is unintentional. I'll remove this part.
>>
>> > Overall your patch looks very similar to the one I was working on
>> > earlier in the year, although you appear to have deleted a bunch of
>> > tests that you could have just updated. You should probably put those
>> > back, and update them.
>>
>> It removes hashing, so irrelevant tests are simply removed.
>>
>> Thank you for pointing them out.
>> I'll fix them now.
>
> Restart vote too please.

Sure.

I extended the vote period. The fix for the RFC and patch is done.
Please vote.

https://wiki.php.net/rfc/session-id-without-hashing

Thank you!

--
Yasuo Ohgaki
yohg...@ohgaki.net

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
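
The compatibility concern raised in the quoted review (validators and storage sized for 32 hexadecimal characters), as an added PHP example that is not part of the RFC, its patch or this thread. The 32/4 and 48/5 values are the ones quoted above; `LEGACY_PATTERN`, `LEGACY_COLUMN_WIDTH` and the sample IDs are constructed for illustration.

```php
<?php
// Added example: derive the accepted session ID format from the two settings
// named in the thread instead of hardcoding "32 hex characters".

// Character classes PHP documents for session.sid_bits_per_character.
const SID_CHARSETS = [4 => '0-9a-f', 5 => '0-9a-v', 6 => '0-9a-zA-Z,-'];

function sidPattern(int $length, int $bits): string
{
    if (!isset(SID_CHARSETS[$bits])) {
        throw new InvalidArgumentException("unsupported bits per character: $bits");
    }
    // \A and \z anchor the whole string, so a trailing newline is rejected.
    return '/\A[' . SID_CHARSETS[$bits] . ']{' . $length . '}\z/';
}

function isValidSid(string $id, int $length, int $bits): bool
{
    return preg_match(sidPattern($length, $bits), $id) === 1;
}

// Hypothetical assumptions baked into an application before the upgrade.
const LEGACY_PATTERN = '/\A[0-9a-f]{32}\z/';
const LEGACY_COLUMN_WIDTH = 32; // e.g. a CHAR(32) session id column

function compatibilityReport(string $id): array
{
    return [
        'passes_legacy_validator' => preg_match(LEGACY_PATTERN, $id) === 1,
        'fits_legacy_column'      => strlen($id) <= LEGACY_COLUMN_WIDTH,
        // What a truncating column would keep: a different, shorter ID.
        'stored_as'               => substr($id, 0, LEGACY_COLUMN_WIDTH),
    ];
}

// Constructed sample IDs, one per format discussed in the thread.
$old = str_repeat('0123456789abcdef', 2);                                // 32 chars, 4 bits each
$new = substr(str_repeat('0123456789abcdefghijklmnopqrstuv', 2), 0, 48); // 48 chars, 5 bits each

var_dump(isValidSid($old, 32, 4));      // old format under old settings
var_dump(isValidSid($new, 48, 5));      // new format under the quoted defaults
var_dump(isValidSid($new, 32, 4));      // new format against old expectations
print_r(compatibilityReport($old));
print_r(compatibilityReport($new));
```

For the 48-character ID the report shows both failure modes from the review: the legacy validator rejects it, and a 32-character column would store a truncated value that no longer matches the ID the client presents.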
