Hi Leigh, On Fri, Aug 9, 2013 at 5:28 PM, Leigh <lei...@gmail.com> wrote:
> On 8 August 2013 23:31, Yasuo Ohgaki <yohg...@ohgaki.net> wrote: > >> >> How php_serialize would cause BC issues for PHP users? >> > > Not everyone uses PHP in the way you would expect. Just how many sites out > there do you think use PHPs session functionality? I'd go for hundreds of > millions, and that's a pretty big target to hit. > > If you session_encode() something on 5.x with default settings and 5.x+1 > cannot session_decode() it with default settings, that is a BC break. > Mixing versions with shared data should be carefully handled for almost all apps. Even if this is the case, users may use old serializer so no BC. Anyway, we also have to consider number of bug/request reports that it solves. There are countless bug reports that were closed as "won't fix"/"not a bug" because of the register_globals support in session module. Regards, -- Yasuo Ohgaki yohg...@ohgaki.net
