>From: Anton Smirnov <aroke...@outlook.com> >Date: Sun, 3 Mar 2024 at 19:56 > >Greetings! > >As I know some session-related middlewares force custom-only session_id >handling by setting > > use_cookies = Off > use_only_cookies = On > >and then using session_id(...) directly > >Example: >https://github.com/middlewares/php-session/blob/master/src/PhpSession.php#L137 > >I think if you're making this hack impossible, you should provide an >alternative non-hackish way to do this. > >Maybe just keep use_cookies = Off > >A wild idea: > >1) Add a temporary config > > # by default; current behavior; > # throws a deprecation right from the introduction > cookies.use_post_get = On > # do not set the session from POST and GET > cookies.use_post_get = Off > >Remove it in 9 with the rest > >2) keep use_cookies in PHP 9 with the updated meaning > >I don't think it's a good solution but maybe it can spark a better one > >Best, >Anton
I think the better option is to make this explicit and add a config along the lines of `automatic_session_detection` (name to be bikeshed) defaulting to `On`, and in your use-case setting it to `Off` explicitly. Regards, Mel
