Hi Thomas, On Mon, Sep 26, 2016 at 6:40 AM, Thomas Bley <ma...@thomasbley.de> wrote: > why not have a new session module? those who want no change for existing > applications keep the old one, new projects can use the new one, those who > want more security port their code to the new one. e.g. use session2_start(), > etc.
If basic session module design has problems, I would write new one. However, the design is not the problem, but just implementation is not finished yet. There wouldn't much BC with timestamp. In fact, almost all apps will work without any problems with timestamped session management. I would rather deprecate/remove session_regenerate_id() if timestamped session management will not be implemented. Regards, -- Yasuo Ohgaki yohg...@ohgaki.net -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
