2012/8/26 Ferenc Kovacs <tyr...@gmail.com>: > > > On Sat, Aug 25, 2012 at 4:47 AM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote: >> >> Hi, >> >> I was willing to add collision detection to session module >> after session adoption patch is merged. >> >> What's the status of session adoption patch? >> I've created patches for all 3 versions and I think Stats >> is going to merge it to master and PHP 5.4. >> > > Please don't top post. > What is this session adoption patch? > Is it (part of) the Strict session rfc/patch from you?
Yes. Strict session patch reject uninitialized session ID, thus it prevents session adoption/fixation. I know session ID collision will not happen most likely, but there are few people who worries collision. We can check session ID collision when it is generated. It's easy patch, but I didn't include the patch to focus on adoption. Regards, -- Yasuo Ohgaki yohg...@ohgaki.net -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
