php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-29 11:42:17 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
d2cdfdbe44f3bdded4aed8f84ef9db740c7f8adb
archived-php-src/ext/session
History
Tim Düsterhus d9c2cf7e3d session: Remove PS_EXTRA_RAND_BYTES (#10394) 
This was introduced in 3467526a65 and the
corresponding RFC gives some reasoning. However the CSPRNG being “not secure
enough” is not a thing and reading these extra bytes is just security theater:

If the CSPRNG would hypothetically be broken, then PHP’s session IDs are the
least of one’s concerns, because we already trust it in `random_bytes()` and
might generate long-term secrets using that.
2023-01-23 14:42:32 +01:00
..
tests
Promote unserialize() notices to warning (#9629)
2022-11-15 19:36:38 +01:00
config.m4
config.w32
CREDITS
mod_files.bat
mod_files.c
Session: Refactor basedir to be a zend_string in mod_files
2022-05-29 15:24:06 +01:00
mod_files.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
mod_files.sh
mod_mm.c
Session: Use zend_string* consistently for key in mod_mm
2022-05-29 15:24:06 +01:00
mod_mm.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
mod_user_class.c
Session: use more appropriate types
2022-05-29 15:24:06 +01:00
mod_user.c
Fix GH-8329 Print true/false instead of bool in error and debug messages (#8385)
2023-01-23 10:52:14 +01:00
mod_user.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_session.h
Drop struct union as access is now always named
2022-10-22 12:47:34 +01:00
session_arginfo.h
Refactor session_set_save_handler()
2022-10-22 12:47:34 +01:00
session.c
session: Remove PS_EXTRA_RAND_BYTES (#10394)
2023-01-23 14:42:32 +01:00
session.stub.php
Refactor session_set_save_handler()
2022-10-22 12:47:34 +01:00