On 12/05/16 04:19, Yasuo Ohgaki wrote: > It could be an option that abandon session module and let users to > implement decent session manager because we are taking too long time > even for mandatory things even if there are implementations. It is > simply taking too long time to fix them. I'm half joking, but half > serious :)
Yasuo ... THIS is the situation with a number of elements of PHP, and I DO understand where you are coming from. PHP is nicely modular and so creating a complete module ... well documented ... clean API ... makes perfect sense. Getting acceptance may be a different matter, such as switching from mysql to mysqli, but it does provide a document-able upgrade path for the problem in hand. I'm the first to admit I rely on the simple options so still use anonymous session for the majority of users simply because they are never going to log in, while I conciser and authenticated user as a different animal so needs a different type of security. That is the main reason I posted the 'off topic' bits earlier in this thread. It IS a matter of what is the ideal set-up for the vast majority of PHP users who can justify laying out lots of money for the best chargeable security, and there is now at least a path that can be documented to help them which includes https, sessions and authentication? -- Lester Caine - G8HFL ----------------------------- Contact - http://lsces.co.uk/wiki/?page=contact L.S.Caine Electronic Services - http://lsces.co.uk EnquirySolve - http://enquirysolve.com/ Model Engineers Digital Workshop - http://medw.co.uk Rainbow Digital Media - http://rainbowdigitalmedia.co.uk -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
