Hi again, On Sat, Jan 24, 2015 at 7:48 PM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote: > Hi Andrey, > > On Sat, Jan 24, 2015 at 6:34 PM, Andrey Andreev <n...@devilix.net> wrote: >> >> > This is because session module lacks user defined serializer. Save >> > handler >> > handles session data storage. Serialize handler handles how data is >> > converted/represented. IMHO. >> > >> >> That's not the only use case. >> >> Some time ago I proposed a session.match_ip feature and argued that if >> I wanted to implement it in userland code, I'd have to implement the >> *whole* session handler from scratch. An example using the >> SessionHandler class proved me wrong in that regard. > > > For me, IP address matching check does not belong to save handler. > I would implement it in other place. > > What's the reason why you need to implement IP address matching in > save handler?
To prevent session fixation? Doesn't matter, I was just giving you an example. Cheers, Andrey. -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
