On Jul 3, 2016 7:04 AM, "Yasuo Ohgaki" <yohg...@ohgaki.net> wrote: > > Hi Leigh, > > On Sat, Jul 2, 2016 at 5:39 PM, Leigh <lei...@gmail.com> wrote: > > So I have a few issues that span the RFC and the implementation. > > > > Your RFC states > > > >> hardcoded default and php.ini-* default values are the same. > > > > This is not the case. > > > > Originally the session id length and character set were controlled by > > session.hash_function and/or session.hash_bits_per_character. These > > customisations to configuration will be lost when the user upgrades. You > > have provided a mechanism to control length and charset, but it will require > > new changes to the default settings. This needs to be noted as a breaking > > change. > > > > Your default for session.sid_length is 48. Up to 7.1 the session id length > > is 32. Your default for session.sid_bits_per_character is 5, up to 7.1 the > > session id uses 4 bits per character. This is a breaking change. (Imagine > > custom session handlers that validate session id character sets, or database > > schemas that will truncate after 32 characters) > > I'll update relevant part. > > > Your patch updates session.use_strict_mode from 0 to 1. I actually don't > > know what this changes, but it's an undocumented change. > > This is unintentional. I'll remove this part. > > > Overall your patch looks very similar to the one I was working on earlier in > > the year, although you appear to have deleted a bunch of tests that you > > could have just updated. You should probably put those back, and update > > them. > > It removes hashing, so irrelevant tests are simply removed. > > Thank you for point them out. > I'll fix them now.
Restart vote too please. Thanks Pierre
