There is no directive `session.transid` in PHP. It's probably about the `session.use_trans_sid` directive instead `session.transid`, if I got the context right
Co-authored-by: Kamil Tekiela <tekiela246@gmail.com>
Co-authored-by: Christoph M. Becker <cmbecker69@gmx.de>
* Information about invalid values of session gc ini settings.
* Update reference/session/ini.xml
Co-authored-by: Gina Peter Banyard <girgias@php.net>
* Update reference/session/ini.xml
Co-authored-by: Gina Peter Banyard <girgias@php.net>
---------
Co-authored-by: Gina Peter Banyard <girgias@php.net>
* Use FQCN for native attributes
For attributes, it's non-obvious that they need to be imported with `use` or
referenced with their FQCN, because applying a non-existent attribute is not an
error.
Make the examples copy-and-paste safe by adding the leading backslash, as
already done for `#[\SensitiveParameterValue]`.
* random: Remove openssl_random_pseudo_bytes() from caution.cryptographically-insecure
The `random_bytes()` and `random_int()` alternatives are available since since
PHP 7.0, are available by default and directly map to the OS' CSPRNG and thus
are likely more secure.
Thus this commit stops mentioning `openssl_random_pseudo_bytes()` as a possible
option any more to keep things simple for the reader.
* random: Remove `openssl_random_pseudo_bytes()` from “See Also” sections for ext/random
The reasoning as with the previous commit applies.
* hash: Replace `openssl_random_pseudo_bytes()` by `random_bytes()`
* session: Replace `openssl_random_pseudo_bytes()` by `random_bytes()`
For consistency with all other constants, where the default value is also mentioned in the description so you don't have to go back to the table to look it up.
We require suitable return types or the ReturnTypeWillChange attribute
as of PHP 8.1.0. We specify the return types where supported as of PHP
7.0.0, but go with the attribute for the union types.
Cf. <https://github.com/php/doc-en/issues/1090>.
We should not duplicate the info in the general INI list, but rather
include it from the session configuration.
While we're at it, we remove obsolete changelog entries, fix the
wording ("as of" instead of "since"), and remove the url_rewriter.tags
entry from the session configuration page.
`session_register()` and friends are removed as of PHP 5.4.0.
`sessionhandler::updatetimestamp()` and `sessionhandler::validateid()`
did never exist; these are methods of `sessionupdatetimestamphandlerinterface`.
