Differences

This shows you the differences between two versions of the page.

--- rfc:session-create-id [2016/08/14 22:33] – Add discussion for new readers. yohgaki
+++ rfc:session-create-id [2020/03/26 12:47] (current) – this RFC has been implemented long ago cmb
@@ Line 4: / Line 4: @@
   * Modified Date: 2016-08-10
   * Author: Yasuo Ohgaki <yohgaki@ohgaki.net>
-  * Status: Voting
+  * Status: Implemented (PHP 7.1)
   * First Published at: http://wiki.php.net/rfc/session-create-id
 ===== Introduction =====
-Session ID is created by session internal bin_to_reabable() function. bin_to_readable() creates readable string from binary data depending. New session_create_id() uses bin_to_readable() to create user defined session ID string. Session ID may use 'a'-'z', 'A'-'Z', ',', '-'. Without session_create_id(), user has to implement their own bin_to_readable() in user land.
+Session ID is created by session internal bin_to_readable() function. bin_to_readable() creates readable string from binary data depending. New session_create_id() uses bin_to_readable() to create user defined session ID string. Session ID may use 'a'-'z', 'A'-'Z', ',', '-'. Without session_create_id(), user has to implement their own bin_to_readable() in user land.
 ===== Proposal =====
@@ Line 165: / Line 165: @@
 In addition to above, current session management implementation does not support timestamp based session data management. i.e. https://wiki.php.net/rfc/precise_session_management This makes situation even worse.
-Somebody wins lottery. Even 1 in millions/hundreds years could happen. IMHO, it is not reasonable to argue "Session ID collision very rare and cannot happen" or "Session ID safe without collision detection, can ignore collisions", and tell poor user "We do know it may happen, but you just had rare bad luck. Even though protection could be implemented, whatever consequences are your responsibility. It's the PHP way".
+Somebody wins lottery. Even 1 in millions/hundreds years could happen. IMHO, it is not reasonable to argue "Session ID collision very rare and cannot happen" or "Session ID is safe without collision detection, can ignore collisions", and tell poor user "We do know it may happen, but you just had rare bad luck. Even though protection could be implemented, whatever consequences are your responsibility. It's the PHP way".
 If there are users who really do not want collision detection at all, they should do it by their own responsibility and risk. e.g.
@@ Line 193: / Line 193: @@
 This project requires a 2/3 majority
-<doodle title="Add session_create_id() frunction" auth="Yasuo Ohgaki" voteType="single" closed="false">
+<doodle title="Add session_create_id() frunction" auth="Yasuo Ohgaki" voteType="single" closed="true">
    * Yes
    * No
@@ Line 207: / Line 207: @@
 After the project is implemented, this section should contain
   - the version(s) it was merged to
+    - PHP 7.1 and master (Merged to 7.1 also by RM permission)
   - a link to the git commit(s)
+    - http://git.php.net/?p=php-src.git;a=commitdiff;h=7ee9f81c54ca888beae1c6aaeaccee1260012076
   - a link to the PHP manual entry for the feature
+    -  http://svn.php.net/viewvc?view=revision&revision=339956
 ===== References =====

Differences

Page Tools