220   . Fixed bug #70219 (Use after free vulnerability in session deserializer). 
677   . Fixed bug #68063 (Empty session IDs do still start sessions) (Yasuo)
1058   . Fixed bug #66827 (Session raises E_NOTICE when session name variable is array).
1361     session.use_strict_mode=1) (Yasuo)
1627   . Fixed bug #65475 (Session ID is not initialized properly when strict session
1630     session serialize handler that uses plain serialize()). (Yasuo)
1691     which protects against session fixation attacks and session collisions.    
1695   . Changed session.auto_start to PHP_INI_PERDIR. (Yasuo)
3137   . Session bug compatibility mode (session.bug_compat_42 and
3138     session.bug_compat_warn php.ini options). (Kalle)
3477   . Expose session status via new function, session_status (FR #52982) (Arpad)
3478   . Added support for object-oriented session handlers. (Arpad)
3479   . Added support for storing upload progress feedback in session data. (Arnaud)
3480   . Changed session.entropy_file to default to /dev/urandom or /dev/arandom if
3482   . Fixed bug #60860 (session.save_handler=user without defined function core
3485     session handler interface). (Arpad)
3741   . Fixed bug #60860 (session.save_handler=user without defined function core
3929   . Fixed bug #55776 (PDORow to session bug). (Johannes)
3946   . Fixed bug #55768 (PDO_OCI can't resume Oracle session after it's been
4621   . Fixed bug #53141 (autoload misbehaves if called from closing session).
4977 - Fixed handling of session variable serialization on certain prefix
5221   "session.save_path" check. (Stas)
5243 - Fixed a possible open_basedir/safe_mode bypass in session extension
5550 - Fixed bug #49064 (--enable-session=shared does not work: undefined symbol:
5717 - Changed session_start() to return false when session startup fails. (Jani)
6057 - Added ext/hash support to ext/session's ID generator. (Sara)
6330 - Fixed segfault on invalid session.save_path. (Hannes)
6783 - Fixed bug #45406 (session.serialize_handler declared by shared extension fails).
7099 - Fixed bug #42869 (automatic session id insertion adds sessions id to
7125 - Fixed Bug #42596 (session.save_path MODE option does not work). (Ilia)
7216 - Fixed session.save_path and error_log values to be checked against
7411 - Fixed bug #37273 (Symlinks and mod_files session handler allow open_basedir
7608 - Fixed bug #40998 (long session array keys are truncated). (Tony)
7678 - Fixed bug #40464 (session.save_path wont use default-value when safe_mode
7970 - Fixed bug #39602 (Invalid session.save_handler crashes PHP). (Dmitry)
8069 - Fixed bug #37627 (session save_path check checks the parent directory).
8123 - Added support for httpOnly flag for session extension and cookie setting
8293 - Fixed bug #38993 (Fixed safe_mode/open_basedir checks for session.save_path,
8345 - Fixed bug #38534 (segfault when calling setlocale() in userspace session
8349 - Fixed bug #38511, #38473, #38263 (Fixed session extension request shutdown
8396   session.cache_expire). (Tony)
8410 - Fixed bug #38224 (session extension can't handle broken cookies). (Ilia)
8641 - Added a check for special characters in the session name. (Ilia)
8783 - Fixed bug #36388 (ext/soap crashes when throwing exception and session
9055 - Added an optional remove old session parameter to session_regenerate_id().
9484 - Fixed bug #33520 (crash if safe_mode is on and session.save_path is changed).
9525 - Fixed bug #33185 (--enable-session=shared does not build). (Jani)
9544   "session.save_path" change using session_save_path() function). (Rasmus)
9562 - Fixed bug #32944 (Disabling session.use_cookies doesn't prevent reading
9563   session cookies). (Jani, Tony)
9669 - Fixed bug #31502 (Wrong deserialization from session when using WDDX
9978 - Fixed bug #30904 (segfault when recording soapclient into session). (Tony,
10021   session.save_handler and/or session.serialize_handler). (Tony)

Last Index update Sat Sep 28 00:04:33 UTC 2024

Dedicated to & Maintained by Room-11