Hi all, On Sun, Mar 1, 2015 at 1:53 PM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote:
> There are too many things that I would like to improve ;) > > https://bugs.php.net/bug.php?id=69127 > > This bug is known fatal bug for session module. I proposed "lazy_destroy" > to fix > this before, but it declined. > > I think the name was wrong. With the proposal, session module destories > session data with lazy manner, but it's actually precise manner. i.e. > Session > module and browser is _not_ synced, so destroy must be done async manner > (~= lazy manner. For example, delete session data 60 seconds later). > > The reason why session_regenerate_id(true) fails is it deletes session > data > immediately even if session and browser is not in sync. Session and > browser > cannot sync because there is no means in HTTP/Cookie. > > Is there any other better idea for this? > I've updated old RFC for this bug fix. https://wiki.php.net/rfc/session_regenerate_id I would like to start discussion shortly. If anyone would like to comment now, I appreciate it. Thank you. -- Yasuo Ohgaki yohg...@ohgaki.net
