Hi Paul, On Mon, Sep 26, 2016 at 7:12 AM, Paul Jones <pmjone...@gmail.com> wrote: >> On Sep 25, 2016, at 16:40, Thomas Bley <ma...@thomasbley.de> wrote: >> >> why not have a new session module? those who want no change for existing >> applications keep the old one, new projects can use the new one, those who >> want more security port their code to the new one. e.g. use >> session2_start(), etc. > > If that's going to be the approach (and I find it appealing) then perhaps > there should be other things accomplished as part of the new work; e.g., > disable the automatic sending of cookie headers and make it explicit. Or wrap > all the features in objects. (I don't want to volunteer anyone else for more > work, though, and I myself am not competent to implement those ideas.)
Object interface is broken in many ways... I'll propose new "SessionSaveHandler" interface and new object API to solve all problems soon. BTW, having new module and clean things up is an option, but session module just needs implementations/improvements. Basic module design is good. IMHO. Regards, -- Yasuo Ohgaki yohg...@ohgaki.net -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
