Hi all,

I've updated the session security manual page a lot.
http://php.net/manual/en/session.security.php

Some of us do not realize the importance of non-adoptive session management and timestamp management, e.g.
https://wiki.php.net/rfc/precise_session_management
https://wiki.php.net/rfc/session-use-strict-mode

I've tried to explain why they are important and mandatory for session security. Comments, questions, corrections and additions are appreciated!

The current session manager is half broken. I would like to correct the session module behavior in the near future.

Regards,

--
Yasuo Ohgaki
yohg...@ohgaki.net

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php