Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:102160 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 390 invoked from network); 5 Jun 2018 07:57:59 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 5 Jun 2018 07:57:59 -0000 Authentication-Results: pb1.pair.com smtp.mail=yohgaki@ohgaki.net; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=yohgaki@ohgaki.net; sender-id=pass Received-SPF: pass (pb1.pair.com: domain ohgaki.net designates 180.42.98.130 as permitted sender) X-PHP-List-Original-Sender: yohgaki@ohgaki.net X-Host-Fingerprint: 180.42.98.130 ns1.es-i.jp Received: from [180.42.98.130] ([180.42.98.130:35452] helo=es-i.jp) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id C7/AA-62758-682461B5 for ; Tue, 05 Jun 2018 03:57:59 -0400 Received: (qmail 124186 invoked by uid 89); 5 Jun 2018 07:57:54 -0000 Received: from unknown (HELO mail-it0-f45.google.com) (yohgaki@ohgaki.net@209.85.214.45) by 0 with ESMTPA; 5 Jun 2018 07:57:54 -0000 Received: by mail-it0-f45.google.com with SMTP id k17-v6so13797012ita.0 for ; Tue, 05 Jun 2018 00:57:53 -0700 (PDT) X-Gm-Message-State: APt69E3n/80Y1LSHEiYYHhJRuRY4HxPQeOk7U7ldMWHxlBjNZ3Ddmoe9 Ja5fyPYN+NyToVnMdbC0qfQP+QrAOY1RDznJrA== X-Google-Smtp-Source: ADUXVKLWa2UBZ1fN+8vO4wX7gEOIcPnd+rkGtdglCLCyyP2di3JqJdMoZnnKAaR9wLFTP1tb/fZelO8SozOKgqNejj8= X-Received: by 2002:a24:a43:: with SMTP id 64-v6mr17904032itw.140.1528185468318; Tue, 05 Jun 2018 00:57:48 -0700 (PDT) MIME-Version: 1.0 References: <569cc0df-c629-960d-8f56-277393cabbfd@lsces.co.uk> <190d6f90-24c4-ea41-13d4-20f432e4af3e@gmx.de> In-Reply-To: <190d6f90-24c4-ea41-13d4-20f432e4af3e@gmx.de> Date: Tue, 5 Jun 2018 16:57:12 +0900 X-Gmail-Original-Message-ID: Message-ID: To: Christoph Becker Cc: Lester Caine , PHP internals Content-Type: multipart/alternative; boundary="000000000000fd7a48056de0673a" Subject: Re: [PHP-DEV] Re: undocumented session_name() change From: yohgaki@ohgaki.net (Yasuo Ohgaki) --000000000000fd7a48056de0673a Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Sun, May 27, 2018 at 1:16 AM Christoph M. Becker wrote: > On 25.05.2018 at 12:28, Christoph M. Becker wrote: > > > if ($_GET['action'] =3D=3D 'newsession') { > > $session_name =3D getNewSessionName(); // user-defined function > > session_name($session_name); > > session_regenerate_id(); > > header('Location: ' =E2=80=A6.); // restart script to use new sessi= on name > > and id > > exit; > > } > > > > Why even call session_name($session_name) here? To my knowledge, this > > is a no-op in this case (assuming a session has already been started). > > I have to correct myself. Actually, the call to session_regenerate_id() > did change the session name (i.e. the cookie etc.) I'm still not > convinced, that this BC break should be reverted. > Session module uses a few INI settings to work. As we know, INI values are stored in modules global structure. Since session works uses INI values as "Parameters" for module and its submodules while it is active, modifying these INI values caused number of unwanted misbehaviors/crashes. i.e. It's side effect of changing globals. These INI values must not be changed in the first place, but session module didn't have proper internal state management. Since these side effects won'= t be problem unless users abuse/misuse them, it was left until 7.2. 7.2 protects module globals (PS(session_name) is one of them) to prevent abuse/misuse. Any function calls that cause side effects raise ERROR as described in UPGRADING. Since 7.2 prohibits harmful calls, users protected from some of very hard to debug problems, e.g. - Works in a environment, but not in other - Works mostly, but fails sometimes Even when users are affected by this change, there are ways to write code that work in any PHP versions. session_name('new_name') can be called while session is inactive in this case. i.e. session_commit(); session_name('new_name'); session_start(); Regards, -- Yasuo Ohgaki yohgaki@ohgaki.net --000000000000fd7a48056de0673a--