Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:100084
Return-Path: <php@golemon.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 76881 invoked from network); 28 Jul 2017 14:45:35 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 28 Jul 2017 14:45:35 -0000
Authentication-Results: pb1.pair.com smtp.mail=php@golemon.com; spf=softfail; sender-id=softfail
Authentication-Results: pb1.pair.com header.from=php@golemon.com; sender-id=softfail
Received-SPF: softfail (pb1.pair.com: domain golemon.com does not designate 74.125.82.52 as permitted sender)
X-PHP-List-Original-Sender: php@golemon.com
X-Host-Fingerprint: 74.125.82.52 mail-wm0-f52.google.com  
Received: from [74.125.82.52] ([74.125.82.52:36451] helo=mail-wm0-f52.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id E1/06-40376-D0E4B795 for <internals@lists.php.net>; Fri, 28 Jul 2017 10:45:33 -0400
Received: by mail-wm0-f52.google.com with SMTP id t201so127767561wmt.1
        for <internals@lists.php.net>; Fri, 28 Jul 2017 07:45:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=golemon-com.20150623.gappssmtp.com; s=20150623;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=LA083Rd0hO87SaRw5Dwcgc+z1c7HkkH2sr8Builvbkk=;
        b=qI8F8dmu/RP5ZkA/z3nApjedUHIxG+Lbs1FbuJw7P4SnDwWW1EwYLyGcOPlgg2tUXf
         Gh9rudNllWZV6r0pG4WafIwre1CtNwR2lBp257jK5hgxAIphjigYx3dwh3cGWb+i3J0G
         PYXmlpew0Ik2PT0CkV7MqQbuVT/jGtHTuds+0mli8dCiKGpWFU2FdRvf0aWPwy60QBa3
         fJIZyViAmNoyvhGoO+XnnzAhpnm78yJt77jznVuy0eRURPcat2OS53fGCqPziZuz1RsQ
         Hlp5+hRCILYxcJGX/YZpRgdlzHwZy1Clo0TRhFgMXld54FRDJp202Mk91+g/x4VAbgW4
         7Z3A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
         :date:message-id:subject:to:cc;
        bh=LA083Rd0hO87SaRw5Dwcgc+z1c7HkkH2sr8Builvbkk=;
        b=Ydpbmm0f5EfnqwY56BguAy79IuWMG+MpizSCS6sa/M+gx9B+egp75n0aIpg+9VMqln
         kjHF5WK7nyUznnwjEiPSorNEYfKq19fHSys2QovVXEj57g6aCOYjv8+MuzeRH20gFU3h
         +x/zhVa0RYRB7ur7d0YpFe8swqamxtPML2wbhx8s8T8PdNzVSxwmuzR72GZg11UJWGLj
         2Z4rhPGqSpd9Fc5aF/iveyYjbvEvke506AwUgyhVo63SNhe1BPPYnRO/BfQeB+LuHLZV
         bVppF8P5cICi7fmj+WRkNE0eJmglZ5mZ/OJ2mfIYgxSafiZax+GGT2uLqHbT/lvp/wTJ
         Jd2A==
X-Gm-Message-State: AIVw110uYf8uJTJJm74+NjA2ShkseWFYWtE0paTU7kCjffyCu7BJliTd
	rmoIRHLMIErCILaC77aNcLRrdpd2RnWS
X-Received: by 10.28.134.138 with SMTP id i132mr5946409wmd.175.1501253129915;
 Fri, 28 Jul 2017 07:45:29 -0700 (PDT)
MIME-Version: 1.0
Sender: php@golemon.com
Received: by 10.223.169.234 with HTTP; Fri, 28 Jul 2017 07:45:29 -0700 (PDT)
X-Originating-IP: [206.252.215.26]
In-Reply-To: <422D7E05-864E-40EB-AEEB-81DFED80CA72@gmail.com>
References: <a9bfbaf5-6c48-ee69-62ab-b59daef3328e@rhsoft.net>
 <28093140-0D0D-4157-AAA3-E8F1A570E67A@gmail.com> <ebde09b9-c883-36ef-3727-fac2ec009e6c@rhsoft.net>
 <422D7E05-864E-40EB-AEEB-81DFED80CA72@gmail.com>
Date: Fri, 28 Jul 2017 10:45:29 -0400
X-Google-Sender-Auth: 3cmWRPTUBbG32P0RY636a3f2nFY
Message-ID: <CAESVnVoGGitKwy+tK55jXSii=hKF8rFDjMDGGO3SNi=XDTezag@mail.gmail.com>
To: Rowan Collins <rowan.collins@gmail.com>
Cc: PHP internals <internals@lists.php.net>, "lists@rhsoft.net" <lists@rhsoft.net>
Content-Type: text/plain; charset="UTF-8"
Subject: Re: [PHP-DEV] session_start() should not reset $_SESSIOn if it's not empty
From: pollita@php.net (Sara Golemon)

On Fri, Jul 28, 2017 at 10:11 AM, Rowan Collins <rowan.collins@gmail.com> wrote:
> On 28 July 2017 14:37:10 BST, "lists@rhsoft.net" <lists@rhsoft.net> wrote:
>>(Arguably, all the other superglobals should be read only for the same
>>reason, but that would be a huge break now.)
>>
>>make them readonly would break my whole codebase
>
> Yes, I only meant that as an absolutely hypothetical "if I had a time machine and could design it a different way...", I realise it would break everything to change it now.
>
>
ftr; I'd vote in favor of several BC breaking things to do with
autoglobals, among them:

* Make them objects (though ArrayAccess based for less hostile BC breakage)
* Make most of them read-only (offsetGet(), but no offsetSet)
* Make $_SESSION[...] access produce an error or auto-start the session

I've seen too many codebases abuse GPCER vars as a generic storage
location because "globals are bad, but this is good because it doesn't
include the word global".  As a performance issue, the runtime has to
assume autoglobals are inherently volatile and could change on a whim
at any moment (much like $http_response_headers).  Restricting their
mutability would be a win.  The request globals could probably also be
optimized fairly significantly.

If anyone agrees, I'm willing to RFC it.  If not, I'll continue living
with it. :D

-Sara