Hi all, Session ID without hashing https://wiki.php.net/rfc/session-id-without-hashing#vote
This RFC is passed 9 vs 0. Compatible default is used as default. 7 vs 3. It needs to update the default INI. I'll finish it in a few days. Thank you for voting! -- Yasuo Ohgaki yohg...@ohgaki.net On Mon, Jul 25, 2016 at 6:49 PM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote: > Hi all, > > Due to defects in the RFC, vote is reopened and restarted. > Followings are changes from 1st vote. > > - Removed session.use_strict_mode change > (Changed when vote reopened) > - Added INI default vote options, incompatible and compatible. > (Changed when 2nd vote is restarted) > - Extended vote period for 2 days. > > These who are voted already have to **VOTE AGAIN**. > Sorry for the inconvenience and confusion! > > ============ > > Currently session module uses obsolete MD5 for session ID. With > CSPRNG, hashing is redundant and needless. It adds hash module > dependency and inefficient. > > This proposal cleans up session code by removing hash. > > https://wiki.php.net/rfc/session-id-without-hashing > > I set vote requires 2/3 support. > Please describe the reason why when you against this RFC. Reasons are > important for improvements! > > Vote ends 2016/08/02 23:59:59 UTC. > > Thank you for voting! > > -- > Yasuo Ohgaki > yohg...@ohgaki.net -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
