Hi all, On Tue, Jul 12, 2016 at 10:01 AM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote: > Vote for "Enable session.use_strict_mode by default" RFC has started. > > https://wiki.php.net/rfc/session-use-strict-mode > > Vote ends 2017/07/19 UTC. >
Thank you for voting! Vote is finish 4 vs 4. The RFC is declined. I'll improve the manual so that attackers would not enjoy stealing PHP web app accounts. Besides documentation, we must improve the way it is now. i.e. Do not let attackers steal accounts easily with default configuration. To decide next move, I would like to start hearing the reason why from those who are against this RFC. Regards, BTW, we cannot blame browser developers because cookie spec is broken in first place. -- Yasuo Ohgaki yohg...@ohgaki.net -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
