Hi,
On Thu, Mar 24, 2016 at 11:34 AM, Yasuo Ohgaki wrote:
> Since the vote for
> https://wiki.php.net/rfc/precise_session_management
> is declined 15 vs 11.
> https://wiki.php.net/rfc/precise_session_management#vote
>
> We have to come up with other solutions for
>
> - Session loss by race condi
Hi Joe,
On Thu, Mar 24, 2016 at 4:22 PM, Joe Watkins wrote:
>
> First, thanks for all the effort ... You already know that, a refusal to
> merge a patch doesn't mean you wasted your time, it should serve to refocus
> your research.
>
> So, I thought I'd say some stuff, to aid with that ..
Morning Yasuo,
First, thanks for all the effort ... You already know that, a refusal
to merge a patch doesn't mean you wasted your time, it should serve to
refocus your research.
So, I thought I'd say some stuff, to aid with that ...
The first thing I would do is break down the probl
Hi all,
On Thu, Mar 24, 2016 at 11:34 AM, Yasuo Ohgaki wrote:
> We have to come up with other solutions for
>
> - Session loss by race conditions
> - Method to make session abuse harder
I'll explain how an attacker can steal PHP sessions forever with the current
session module. There are multiple ser