rfc:session-use-strict-mode
Differences
This shows you the differences between two versions of the page.
rfc:session-use-strict-mode [2016/07/06 22:02] – yohgaki | rfc:session-use-strict-mode [2020/08/01 23:51] (current) – Status is "Declined" carusogabriel | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== PHP RFC: Enable session.use_strict_mode by default ====== | ====== PHP RFC: Enable session.use_strict_mode by default ====== | ||
- | * Version: | + | * Version: |
* Date: 2016-07-05 | * Date: 2016-07-05 | ||
* Author: Yasuo Ohgaki < | * Author: Yasuo Ohgaki < | ||
- | * Status: | + | * Status: |
* First Published at: http:// | * First Published at: http:// | ||
Line 39: | Line 39: | ||
However, lost sessions are far better than stolen sessions. | However, lost sessions are far better than stolen sessions. | ||
- | When attackers set unchangeable session ID cookie for a user, the user will not be able to get valid session ID. i.e. Cannot login, etc. | + | When attackers set unchangeable session ID cookie for a user, the user will not be able to get valid session ID. i.e. Cannot login via attacker supplied unchangeable session ID, etc. |
- | 3rf party session save handlers must implement session ID validation handler for session.use_strict_mode=1 to work actually. i.e. 3rf party session save handlers must use PS_FUNCS_SID or PS_FUNCS_UPDATE_TIMESTAMP. **PS_FUNCS_UPDATE_TIMESTAMP is strongly recommended.** | + | 3rd party session save handlers must implement session ID validation handler for session.use_strict_mode=1 to work actually. i.e. 3rd party session save handlers must use PS_FUNCS_SID or PS_FUNCS_UPDATE_TIMESTAMP. **PS_FUNCS_UPDATE_TIMESTAMP is strongly recommended.** |
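Review bot: The revised handler sentence says 3rd party session save handlers must implement a session ID validation handler "for session.use_strict_mode=1 to work actually", but it does not say what a site gets when its handler lacks one and the default flips to 1. State that outcome explicitly and say how a handler author confirms PS_FUNCS_SID or PS_FUNCS_UPDATE_TIMESTAMP is in use. In the line above it, the added "Cannot login via attacker supplied unchangeable session ID" narrows the impact, while the first half still reads as "the user will not be able to get valid session ID" in general; merge the two into one sentence so the scope of the lockout is unambiguous.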
Line 85: | Line 85: | ||
* Remove additional session data storage access by extending session save handler API. | * Remove additional session data storage access by extending session save handler API. | ||
- | ===== Proposed Voting Choices | + | ===== Vote ===== |
- | This project requires | + | This project requires 2/3 majority |
+ | <doodle title=" | ||
+ | * Yes | ||
+ | * No | ||
+ | </ | ||
+ | Vote starts 2016/7/12, ends 2016/07/19 23:59:59 UTC. | ||
===== Patches and Tests ===== | ===== Patches and Tests ===== |
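Review bot: The added "Vote starts 2016/7/12, ends 2016/07/19 23:59:59 UTC" line mixes two date formats and gives a time and zone only for the end of the vote. Write the start as 2016/07/12 with its own UTC time so the voting window is unambiguous. The replaced "This project requires 2/3 majority" line should also name what is being voted on, since the section heading is now just "Vote".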
rfc/session-use-strict-mode.txt · Last modified: 2020/08/01 23:51 by carusogabriel