PHP RFC: Session strict mode default ini settings
- Version: 0.1
- Date: 2018-02-13
- Author: Pieter Hordijk, peehaa@php.net
- Status: Draft
- First Published at: http://wiki.php.net/rfc/default-session-strict-mode
Introduction
This RFC proposes changing the default setting in the distributed .ini files so that sessions use strict mode by default.
Proposal
Currently, strict mode for sessions is disabled by default in our distributed ini files (php.ini-development and php.ini-production). However, enabling it is recommended to prevent session fixation issues.
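The effect of the setting can be checked with a short CLI script. This is an added example, not part of the RFC or of php-src: it offers PHP a session ID the server never issued and reports which ID the session ends up with when `session.use_strict_mode` is off and on. The function name, the offered ID and the temporary directory are constructed for illustration.

```php
<?php
// Added example: compares session ID handling with strict mode off and on.
// Run from the CLI. The offered ID below is constructed, not a real session.

function idAfterStart(bool $strict, string $offeredId): string
{
    // Fresh, empty session store so the offered ID is guaranteed uninitialized.
    $dir = sys_get_temp_dir() . '/strict-demo-' . bin2hex(random_bytes(4));
    mkdir($dir, 0700);

    ini_set('session.save_handler', 'files');
    ini_set('session.save_path', $dir);
    ini_set('session.use_cookies', '0');   // CLI: no cookie headers
    ini_set('session.use_strict_mode', $strict ? '1' : '0');

    session_id($offeredId);   // stands in for an ID arriving from the client
    session_start();
    $used = session_id();     // ID the session module actually uses
    session_destroy();        // removes the session file again
    rmdir($dir);
    return $used;
}

$offered = 'constructed0000000000000000000id';
$lax     = idAfterStart(false, $offered);
$strict  = idAfterStart(true, $offered);

// Print only after both runs: session ini settings cannot be changed
// once output has started.
foreach (['strict off' => $lax, 'strict on' => $strict] as $label => $used) {
    printf("%-10s  offered=%s  used=%s  (%s)\n", $label, $offered, $used,
        $used === $offered ? 'adopted as-is' : 'replaced with a new ID');
}
```

With strict mode off, the files save handler adopts the offered ID unchanged; with it on, the uninitialized ID is discarded and a new one is generated, which is the behaviour that blocks session fixation.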
Backward Incompatible Changes
What breaks, and what is the justification for it?
Proposed PHP Version(s)
List the proposed PHP versions that the feature will be included in. Use relative versions such as “next PHP 7.x” or “next PHP 7.x.y”.
RFC Impact
To SAPIs
None
To Existing Extensions
None?
To Opcache
None
New Constants
None
php.ini Defaults
If there are any php.ini settings then list:
- hardcoded default values
- php.ini-development values
- php.ini-production values
Open Issues
None
Unaffected PHP Functionality
N/A
Proposed Voting Choices
Simple yes/no vote. Yes means changing the default mode in the ini files, no means leave it as it is.
State whether this project requires a 2/3 or 50%+1 majority (see voting)
Patches and Tests
No patch supplied yet as it is a trivial change in the ini files.
Implementation
After the project is implemented, this section should contain
- the version(s) it was merged into
- a link to the git commit(s)
- a link to the PHP manual entry for the feature
- a link to the language specification section (if any)
References
Links to external references, discussions or RFCs
Rejected Features
Keep this updated with features that were discussed on the mail lists.