Hi all and RM, On Sat, Jul 2, 2016 at 4:35 PM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote: > Currently session module uses obsolete MD5 for session ID. With > CSPRNG, hashing is redundant and needless. It adds hash module > dependency and inefficient (There is no reason to use hash for CSPRNG > generated bytes). > > This proposal cleans up session code by removing hash. > > https://wiki.php.net/rfc/session-id-without-hashing > > I set vote requires 2/3 support. > Please describe the reason why when you against this RFC. Reasons are > important for improvements!
The changes in the manual is committed. UPGRADING is written, PR branch is synced for merge. https://github.com/php/php-src/pull/1850 Should I merge or just telling "please merge" is OK? Regards, -- Yasuo Ohgaki yohg...@ohgaki.net -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
