Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:102127
Return-Path: <cmbecker69@gmx.de>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 92868 invoked from network); 25 May 2018 10:28:28 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 25 May 2018 10:28:28 -0000
Authentication-Results: pb1.pair.com smtp.mail=cmbecker69@gmx.de; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=cmbecker69@gmx.de; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmx.de designates 212.227.17.20 as permitted sender)
X-PHP-List-Original-Sender: cmbecker69@gmx.de
X-Host-Fingerprint: 212.227.17.20 mout.gmx.net  
Received: from [212.227.17.20] ([212.227.17.20:34995] helo=mout.gmx.net)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 70/97-27834-B45E70B5 for <internals@lists.php.net>; Fri, 25 May 2018 06:28:27 -0400
Received: from [192.168.2.105] ([79.222.47.197]) by mail.gmx.com (mrgmx102
 [212.227.17.168]) with ESMTPSA (Nemesis) id 0LejNC-1g8xWD0DIk-00qVIU; Fri, 25
 May 2018 12:28:23 +0200
To: Lester Caine <lester@lsces.co.uk>, PHP internals <internals@lists.php.net>
References: <569cc0df-c629-960d-8f56-277393cabbfd@lsces.co.uk>
Message-ID: <fef4fe01-265c-b2a3-409b-2193f8a4e2fd@gmx.de>
Date: Fri, 25 May 2018 12:28:23 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101
 Thunderbird/52.8.0
MIME-Version: 1.0
In-Reply-To: <569cc0df-c629-960d-8f56-277393cabbfd@lsces.co.uk>
Content-Type: text/plain; charset=utf-8
Content-Language: de-DE
Content-Transfer-Encoding: 8bit
X-Provags-ID: V03:K1:O9c1UOLHWwKwwke3cBzVe9tGmOFsdJX95HhtHXVesTwhleOSmLA
 jFiXzVkqhVWILP7+g68jNgh1DR3glGHZC9GoampOL6bgpE68CTGmPiL7n0sLnok0d96uIUi
 XxIfOldqLA8JGmkadltHUg4YjrloMt6/8ERAV/zcK0CrDRj2PiFKKfT76Xwul9+fjF7bc89
 cPJVqFzY3F8BbG7ocptuA==
X-UI-Out-Filterresults: notjunk:1;V01:K0:+Vt0qCkvAAI=:f54EqzTYMHA26TO6Kq1TQ0
 98VGMGQ2HyumhSd6BLC4pNFuNubwAAVhGdyiCPmwcio2tYQwTXiPUlCX/bz45SypD8iqvy1jc
 tjYb/49zM9mRE5DhTXZf80eHd32urh+wuPfTqv/0H0X36+GdBCPGLTCiuQP3KR6ChJ/tSL4PI
 vPBGBUncZoFCFR2Aj720zgVAVGwPuBMh+LRViBWsjarJlRFlSI0kT0JhO3GcSn9u8yBVGdToJ
 Y1zusrACmtcWSsE/AN7DZk4sdZAGHI8dg+ISAbnOS36iwK+9Jkz/Vhv+0yyb/Drei7775mYUK
 pdwqbhgs24QgepQIapqFNlMpc/In5jJ8/evFToYkcksITpL6szE30zJHyWwlL/lnF5iBL79Ez
 pfa+WNyMhjw98/JDbt1WOP03cLgPDi+VweWwcUWTaNO5iQkobpRQ0eQIdyo0p6MUvy2bGi0en
 0hMcg4E+YiPLqqoR2vCFqRc6sTbu7XZgk3IV9Gm6b/bvjHUKfSa5UXUK3KfO5RlKmtMBk16Cf
 8Ivcxzs9VFlaCybwjQqTWbeN38IYxOHU2+wXLIv6RLfUBLpEL81RjKi04EWdeuA5eWeQt6+f/
 gjD20eBT3cZq3M+6VOAwRIwHa7bJvHTWv/utx2XXtd8obJnmQYoAQHTaVXkufFkpattt1tM8c
 3iEFcO6INyF+TUbiMwDjDI1FDm8A7Ze62ZlQZdPf7q+EVC0RiBx71tSfwIoHMTMvyLvccHlI6
 6tv529RUS23PXIJhuOB9HwgH+DnCgpaLTlAHb3jv4/7h6o8vYiTLOZUjbvUm3EOD+qLuJONY0
 2avdpqT
Subject: Re: undocumented session_name() change
From: cmbecker69@gmx.de ("Christoph M. Becker")

On 24.05.2018 at 18:16, Lester Caine wrote:

> Since Tony is blocked from this list he has posted a BC break on the
> PHP-General list ... the main jist of which is that session_name() has
> had it's DOCUMENTED functionality changed some time between 7.1.11 and
> 7.2.5

In my opinion, the documentation is somewhat ambiguous regarding the
“current session name”.  What is the name of a session that will never
be started?  Is it ini_get('session.name'), or is there simply no
session name?

> I can't see any discussion on session_name in the last two years or any
> notification of the change, so when did it happen and why. More to the
> point, why has the documentation not been amended to match the new
> functionality?

The change was triggered by <https://bugs.php.net/71038> which required
some deeper changes, which apparently caused Yasuo to have a closer look
at the code recognizing some further strange behavior, so he submitted
<https://github.com/php/php-src/pull/2167>.  There was some discussion,
but obviously nobody objected to these changes for master, so the PR has
been merged.

Apparently, this well documented change (see UPGRADING) has been
overlooked for the migration guide.

Anyhow, it seems to me that Tony makes a mountain out of a molehill.
Apparently, very few code out there is affected by this change
(otherwise there certainly would have been more bug reports or
complains), and to cite Yasuo[1]:

| Therefore, proper codes will not be affected by this change. Only bad
| codes are detected.

I agree.  Consider the code Tony has posted on php-general@[2]:

  if ($_GET['action'] == 'newsession') {
   $session_name = getNewSessionName();  // user-defined function
   session_name($session_name);
   session_regenerate_id();
   header('Location: ' ….);  // restart script to use new session name
and id
   exit;
  }

Why even call session_name($session_name) here?  To my knowledge, this
is a no-op in this case (assuming a session has already been started).

Finally, every minor or major PHP version has a pre-release phase of
roughly six month.  The relevant change has been there since
7.2.0alpha1, so everybody had ample time to check it out, and to
eventually complain before GA.

[1] <https://github.com/php/php-src/pull/2167#issue-89519969>
[2] <http://news.php.net/php.general/326472>

-- 
Christoph M. Becker