Hi all, On Wed, Aug 10, 2016 at 6:14 PM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote: > This is RFC for adding session_create_id() function. > > Session ID string uses special binary to string conversion. Users > should write lengthy and slow code to have the same session ID string > as session module does. It also validates and makes sure generated > session ID string has no collision. (This cannot be done easily by > user script and 3rd party C written save handlers) > > https://wiki.php.net/rfc/session-create-id > It requires 2/3 majority to pass. > Vote starts: 2016/08/10 - Vote ends: 2016/08/17 23:59:59 UTC
I've added discussion section so that new readers do not have to read thread. https://wiki.php.net/rfc/session-create-id#discussions Those who are not feeling session_create_id() function might not be needed, please try to write session ID validation enabled (NOTE: Session ID validation is **mandatory** for session security) user defined session save handler. Then you'll see why. Not many people voted yet, but this function is "missing must have API". Thank you for voting! https://wiki.php.net/rfc/session-create-id Regards, -- Yasuo Ohgaki yohg...@ohgaki.net -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
