Yasuo Ohgaki wrote: > On Sun, Mar 1, 2015 at 1:53 PM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote: > >> There are too many things that I would like to improve ;) >> >> https://bugs.php.net/bug.php?id=69127 >> >> This bug is known fatal bug for session module. I proposed "lazy_destroy" >> to fix >> this before, but it declined. >> >> I think the name was wrong. With the proposal, session module destories >> session data with lazy manner, but it's actually precise manner. i.e. >> Session >> module and browser is _not_ synced, so destroy must be done async manner >> (~= lazy manner. For example, delete session data 60 seconds later). >> >> The reason why session_regenerate_id(true) fails is it deletes session >> data >> immediately even if session and browser is not in sync. Session and >> browser >> cannot sync because there is no means in HTTP/Cookie. >> >> Is there any other better idea for this? > > I've updated old RFC for this bug fix. > > https://wiki.php.net/rfc/session_regenerate_id > > I would like to start discussion shortly. If anyone would like to comment > now, > I appreciate it.
The RFC mentions PHP 7.0 as proposed PHP version. Have you considered the "PHP 7.0 timeline" RFC[1]? As I understand it, any RFC put up to vote after 2015-03-15 cannot target PHP 7.0. Then again, if this will be considered a bug fix, an RFC would not be necessary at all (if I'm not mistaken). [1] <https://wiki.php.net/rfc/php7timeline> -- Christoph M. Becker -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
