FAQ

On May 11, 2016 11:46 AM, "Yasuo Ohgaki" wrote:

Thank you for your comments. I've updated the RFC. You might like this
version.
>

I still think we should not have that in core. If we do, it should be
controlled by the application implementation and not ini settings (some
routes may have it, other not, some route may have different ttl etc). I am
not even sure it should be part of the session module.

Sessions are per definiton easy. Implement them correctly (whatever that
means) is hard. Adding csrf to ext/session feels like adding auth methods
as well. Both csrf ans auth may need sessions but they are not part of the
session features.

Cheers,
Pierre

Search Discussions

Discussion Posts

Previous

Follow ups

Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 32 of 65 | next ›
Discussion Overview
groupphp-internals @
categoriesphp
postedMay 10, '16 at 3:25a
activeMay 12, '16 at 11:30a
posts65
users12
websitephp.net

People

Translate

site design / logo © 2019 Grokbase