Hi Yasuo,
I find it hard to give feedback on this RFC as I cannot understand
what it is saying.
In an RFC, defining behaviour just through example like this:
> Obsolete session data has NEW_SID and TTL upto session.ttl_destroy.
>
> $_SESSION['__PHP_SESSION__']['NEW_SID'] = <new session ID>;
> $_SESSION['__PHP_SESSION__']['TTL'] = time() +
> ini_get('session.ttl_destroy');
doesn't communicate clearly what the behaviour is going to be. There
needs to be a clear description of what is going to happen.
The only feedback I can give is that I think complex session behaviour
need to be managed through objects or functions which can be tested
inside an application. Adding complex behaviour that happens just when
certain elements of a global array is set, is not the right way to add
more complexity to the session management.
My personal belief is that if people want to have more complex session
management, they should do so in userland code. If we do want more
advanced session in core, it should be done as a new extension; one
that doesn't use any ini settings at all...
btw this appears to be a list of the RFCs you currently have open.
https://wiki.php.net/rfc/allow_url_include
https://wiki.php.net/rfc/consistent-names
https://wiki.php.net/rfc/consistent_function_names
https://wiki.php.net/rfc/dbc2
https://wiki.php.net/rfc/deprecate_ini_set_get_aliases
https://wiki.php.net/rfc/escaper
https://wiki.php.net/rfc/introduce_design_by_contract
https://wiki.php.net/rfc/inconsistent-behaviors
https://wiki.php.net/rfc/introduce-type-affinity
https://wiki.php.net/rfc/precise_float_value
https://wiki.php.net/rfc/script_only_include
https://wiki.php.net/rfc/secure-session-options-by-default
https://wiki.php.net/rfc/session-gc
Perhaps spending more time polishing one or two ideas would lead to a
better result than spreading your efforts thinly across many ideas?
cheers
Dan
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
