> On Sep 25, 2016, at 16:40, Thomas Bley <ma...@thomasbley.de> wrote: > > why not have a new session module? those who want no change for existing > applications keep the old one, new projects can use the new one, those who > want more security port their code to the new one. e.g. use session2_start(), > etc.
If that's going to be the approach (and I find it appealing) then perhaps there should be other things accomplished as part of the new work; e.g., disable the automatic sending of cookie headers and make it explicit. Or wrap all the features in objects. (I don't want to volunteer anyone else for more work, though, and I myself am not competent to implement those ideas.) -- Paul M. Jones http://paul-m-jones.com -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
