Hi Davey, On Wed, Jul 13, 2016 at 6:59 AM, Davey Shafik <da...@php.net> wrote: > On Tue, Jul 12, 2016 at 3:25 AM, Derick Rethans <der...@php.net> wrote: >> >> Hi, >> >> The voted-upon-RFC still has >> >> > session.use_strict_mode (0 to 1) - Changed as insurance of broken >> > PRNG implementation. >> >> Although you said: >> >> It was moved to other RFC. >> >> https://wiki.php.net/rfc/session-use-strict-mode >> >> And neither did you restart voting after modifying the RFC - or writing >> down in the RFC's changes that it got changed. >> >> So what's the deal? > > > I'd like to see the vote re-run (1 week?) with the changes in place. I > didn't vote because I expected it to be restarted. I would have voted -1 on > the current proposal. > > Also, is it possible to add a notice/warning if any of the removed config > settings are set to a non-default value? > > We should also have the defaults be the same as for older versions of PHP, > otherwise it's a BC break. That is: > > session.sid_length=32 > session.sid_bits_per_character=4 > > Better settings should be documented and in the default ini files, but not > be changed till 8.0 IMO. > > I apologize for this feedback being so late.
Thank you for the comment! I think it's not good idea to change the default from now. I'll document compatibility issue well in UPGRADING. Regards, -- Yasuo Ohgaki yohg...@ohgaki.net -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
