Hi Julien,
On Fri, Jan 15, 2016 at 7:36 PM, Julien Pauli wrote:
>
> I will cherry pick it for 5.5 , as it is a fix for a security fix.
Thank you.
>
> Is it bfb9307b2d679a91e138fd876880470ece60942b ?
It's 8c37a086c78a66517967fcb809fb53297becfe42
Regards,
--
Yasuo Ohgaki
yohg...@ohgaki.net
--
On Fri, Jan 15, 2016 at 1:32 AM, Yasuo Ohgaki wrote:
> Hi Julien,
>
> On Fri, Jan 15, 2016 at 9:10 AM, Yasuo Ohgaki wrote:
>>
>> On Fri, Jan 15, 2016 at 4:32 AM, Stanislav Malyshev
>> wrote:
>>>
However, previous my fix (Raise warning and return false) was wrong fix.
Therefore, I woul
Hi Julien,
On Fri, Jan 15, 2016 at 9:10 AM, Yasuo Ohgaki wrote:
>
> On Fri, Jan 15, 2016 at 4:32 AM, Stanislav Malyshev
> wrote:
>>
>>> However, previous my fix (Raise warning and return false) was wrong fix.
>>> Therefore, I would like to correct (Provide new session ID and continue)
>>> it in
Hi Stas,
On Fri, Jan 15, 2016 at 4:32 AM, Stanislav Malyshev wrote:
>
>> However, previous my fix (Raise warning and return false) was wrong fix.
>> Therefore, I would like to correct (Provide new session ID and continue)
>> it in 5.5 also. Does this make sense?
>
> Yes, but nit sure if it's for
Hi!
> However, previous my fix (Raise warning and return false) was wrong fix.
> Therefore, I would like to correct (Provide new session ID and continue)
> it in 5.5 also. Does this make sense?
Yes, but nit sure if it's for 5.5. It's for Julian to decide,
ultimately, but it doesn't look like 5.5
Hi Julien,
On Thu, Jan 14, 2016 at 7:21 PM, Julien Pauli wrote:
> On Wed, Jan 13, 2016 at 12:03 AM, Stanislav Malyshev
> wrote:
>> Hi!
>>
>>> I've disallowed empty session ID, but it wasn't a
>>> appropriate fix.
>>>
>>> https://bugs.php.net/bug.php?id=68063
>>
>> Could you explain a bit more ab
On Wed, Jan 13, 2016 at 12:03 AM, Stanislav Malyshev
wrote:
> Hi!
>
>> I've disallowed empty session ID, but it wasn't a
>> appropriate fix.
>>
>> https://bugs.php.net/bug.php?id=68063
>
> Could you explain a bit more about the part where there are empty IDs
> generated? You say it "is browser's c
Hi Stas,
On Wed, Jan 13, 2016 at 10:08 AM, Stanislav Malyshev
wrote:
>> The root cause is browser's cookie handling.
>> It appears that browsers do not lock cookie while updating cookies.
>> Therefore race condition happens and browsers send empty cookie
>> sometimes. I haven't checked the code,
Hi!
> The root cause is browser's cookie handling.
> It appears that browsers do not lock cookie while updating cookies.
> Therefore race condition happens and browsers send empty cookie
> sometimes. I haven't checked the code, but observed it happens.
>
> I observed handful empty cookies a day w
Hi Stas,
On Wed, Jan 13, 2016 at 8:03 AM, Stanislav Malyshev wrote:
>> I've disallowed empty session ID, but it wasn't a
>> appropriate fix.
>>
>> https://bugs.php.net/bug.php?id=68063
>
> Could you explain a bit more about the part where there are empty IDs
> generated? You say it "is browser's
Hi!
> I've disallowed empty session ID, but it wasn't a
> appropriate fix.
>
> https://bugs.php.net/bug.php?id=68063
Could you explain a bit more about the part where there are empty IDs
generated? You say it "is browser's cookie handling" - could you explain
more about it?
> I made appropriate
Hi Julien,
I've disallowed empty session ID, but it wasn't a
appropriate fix.
https://bugs.php.net/bug.php?id=68063
I made appropriate patch for this issue. It should be
applied from PHP 5.5 to master. I attached patch to
the bug report. Could you apply it from PHP 5.5? Or
shall I commit it from
12 matches
Mail list logo
