From a67d84c20aab2b37c7ac950c9b5e2a91933a4557 Mon Sep 17 00:00:00 2001
From: Jorg Sowa <jorg.sowa@gmail.com>
Date: Wed, 20 May 2026 18:03:17 +0200
Subject: [PATCH] [ci skip] ext/session: add missing NEWS entries

Add NEWS entries for three ext/session changes that were never documented:
- SameSite cookie validation (GH-21670)
- session.cookie_lifetime improved parsing (GH-21704)
- Recursive GC cleanup for nested session directories (GH-21491)
---
 NEWS | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/NEWS b/NEWS
index e37effff3afe..c9456a42d0a0 100644
--- a/NEWS
+++ b/NEWS
@@ -156,6 +156,12 @@ PHP                                                                        NEWS
     (Girgias)
   . Null bytes in session.cookie_path, session.cookie_domain, and
     session.cache_limiter are now rejected with a warning. (jorgsowa)
+  . session.cookie_samesite now rejects invalid values with a warning; only
+    "Strict", "Lax", "None", or "" are accepted. (jorgsowa)
+  . session.cookie_lifetime now rejects non-integer and out-of-range values
+    with a warning. (jorgsowa)
+  . Session file GC now recursively cleans nested subdirectories when
+    session.save_path uses the dirdepth prefix. (jorgsowa)
   . Changed defaults of session.use_strict_mode (now 1), session.cookie_httponly
     (now 1) and session.cookie_samesite (now "Lax"). (jorgsowa)