On Tue, Jul 12, 2016 at 3:25 AM, Derick Rethans <der...@php.net> wrote:

> Hi,
>
> The voted-upon-RFC still has
>
> >     session.use_strict_mode (0 to 1) - Changed as insurance of broken
> >     PRNG implementation.
>
> Although you said:
>
>         It was moved to other RFC.
>
>         https://wiki.php.net/rfc/session-use-strict-mode
>
> And neither did you restart voting after modifying the RFC - or writing
> down in the RFC's changes that it got changed.
>
> So what's the deal?
>

I'd like to see the vote re-run (1 week?) with the changes in place. I
didn't vote because I expected it to be restarted. I would have voted -1 on
the current proposal.

Also, is it possible to add a notice/warning if any of the removed config
settings are set to a non-default value?

We should also have the defaults be the same as for older versions of PHP,
otherwise it's a BC break. That is:

session.sid_length=32
session.sid_bits_per_character=4

Better settings should be documented and in the default ini files, but not
be changed till 8.0 IMO.

I apologize for this feedback being so late.

Thanks,

- Davey
