Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:28339
Return-Path: <markus@fischer.name>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 26394 invoked by uid 1010); 14 Mar 2007 19:05:59 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 26379 invoked from network); 14 Mar 2007 19:05:59 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 14 Mar 2007 19:05:59 -0000
Authentication-Results: pb1.pair.com header.from=markus@fischer.name; sender-id=unknown
Authentication-Results: pb1.pair.com smtp.mail=markus@fischer.name; spf=permerror; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain fischer.name from 213.46.255.15 cause and error)
X-PHP-List-Original-Sender: markus@fischer.name
X-Host-Fingerprint: 213.46.255.15 viefep13-int.chello.at Solaris 10 (beta)
Received: from [213.46.255.15] ([213.46.255.15:36834] helo=viefep20-int.chello.at)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 23/77-61662-39748F54 for <internals@lists.php.net>; Wed, 14 Mar 2007 14:05:57 -0500
Received: from genuine ([213.47.89.232]) by viefep20-int.chello.at
          (InterMail vM.6.01.05.04 201-2131-123-105-20051025) with ESMTP
          id <20070314190552.QZWR7376.viefep20-int.chello.at@genuine>;
          Wed, 14 Mar 2007 20:05:52 +0100
Received: from chello213047089232.17.14.vie.surfer.at ([213.47.89.232] helo=[192.168.1.51])
	by genuine with esmtpa (Exim 4.50)
	id 1HRYhF-0007sj-F0; Wed, 14 Mar 2007 19:59:40 +0100
Message-ID: <45F84785.9030304@fischer.name>
Date: Wed, 14 Mar 2007 20:05:41 +0100
User-Agent: Thunderbird 1.5.0.10 (Windows/20070221)
MIME-Version: 1.0
To:  RQuadling@GoogleMail.com
CC: internals <internals@lists.php.net>
References: <10845a340703140437q519bd232sc9b7dca53cef1e91@mail.gmail.com>
In-Reply-To: <10845a340703140437q519bd232sc9b7dca53cef1e91@mail.gmail.com>
X-Enigmail-Version: 0.94.2.0
OpenPGP: id=C2272BD0;
	url=http://markus.fischer.name/my_public_key.txt
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Spam-Score: 18
X-Spam-Level: +
X-Spam-Report: Spam detection software, running on the system "genuine", has
	identified this incoming email as possible spam.  The original message
	has been attached to this so you can view it (if it isn't spam) or label
	similar future email.  If you have any questions, see
	the administrator of that system for details.
	Content preview:  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello
	Richard, before starting hacking the source, what do you think about
	using session_set_save_handler() to specify your own custom session
	handlers which write your session into a database and not on the file
	system? [...] 
	Content analysis details:   (1.8 points, 5.0 required)
	pts rule name              description
	---- ---------------------- --------------------------------------------------
	0.1 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP address
	[213.47.89.232 listed in dnsbl.sorbs.net]
	1.7 RCVD_IN_NJABL_DUL      RBL: NJABL: dialup sender did non-local SMTP
	[213.47.89.232 listed in combined.njabl.org]
Subject: Re: [PHP-DEV] A request for code change : Repeated opening and closing
 the session leads to a LOT of Set-Cookie headers.
From: markus@fischer.name (Markus Fischer)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Richard,

before starting hacking the source, what do you think about using
session_set_save_handler() to specify your own custom session handlers
which write your session into a database and not on the file system?

I think this way, once you know the session id (which you do after the
first time you call session_start), you can simply update the
information in the database directly on your own without calling
session_start()/sesion_write_close() numerous times. Probably you need
to take care about locking on your own, but with a database that
shouldn't be too hard.

HTH,
- - Markus

Richard Quadling wrote:
> Hi.
> 
> I have a webapp which uses Ajax to initiate a process on the server
> which could take several minutes to complete and will go through many
> steps to before the task is finished.
> 
> In that script, I update the session to indicate the current position
> of the process.
> 
> When the user initiates the main process, another AJAX request is made
> which examines the state of the main process (via the session) and
> reports back to the client - keeps them interested. The user can also
> abort the process and closing the browser also triggers an abort.
> 
> All works FINE in FF. In IE, I'm getting a "Page cannot be displayed"
> sort of errror (having to debug the response to see this). This SEEMS
> to relate to the fact that I am closing and opening the session in the
> first script as I want to keep the session file uptodate. The process
> script only has 1 output and that is the final result at the end of
> the script.
> 
> I also tested this using a telnet connection to the webserver and sent
> the same headers that FireFox generated (captured via FireBub) and it
> bombed just before the data arrived (Lost connection).
> 
> e.g.
> 
> <?php
> function UpdateSession($s_Progress) {
> session_start();
> $_SESSION['Progress'] = $s_Progress;
> session_write_close();
> }
> 
> //Stage 1
> UpdateSession('Loading preferences');
> ...
> //Stage 10
> UpdateSession('Report generated and is now available at <a href="' .
> MakeWebPath(realpath($s_PDFReport)) . '">here</a>.');
> echo rawurlencode(json_encode(array('SUCCESS' =>
> MakeWebPath(realpath($s_PDFReport)))));
> ?>
> 
> 
> As a consequence, I get ...
> 
> Set-Cookie: PHPSESSID=uWPNRja2oT0PHPDCLqUiMzXiz1b; path=/
> Set-Cookie: PHPSESSID=uWPNRja2oT0PHPDCLqUiMzXiz1b; path=/
> Set-Cookie: PHPSESSID=uWPNRja2oT0PHPDCLqUiMzXiz1b; path=/
> ...
> 
> LOTS of times followed by a "Page cannot be displayed". If I use
> Ethereal to examine the data, it is all there and is the same via IE
> and FF, it is just the IE doesn't like the REALLY long header.
> 
> I accept this is normal behaviour and IE should "deal with it", but ...
> 
> Is there any mileage in stopping session_start from sending the same
> header if it has already been sent? If the PHPSESSID is different,
> then fine, send it.
> 
> From looking at session.c and php_session.h, I think the following
> changes would suffice.
> 
> 1 - The typedef struct _php_ps_globals {} needs to include ...
> 
> char *prev_id;
> 
> 
> 2 - In PHP_GINIT_FUNCTION(ps) ...
> 
> ps_globals->prev_id = NULL;
> 
> 
> 3 - In php_session_send_cookie(TSRMLS_D), do a comparison of prev_id
> and id (taking into account prev_id could be NULL) and if different,
> then allow the cookie to be set and to update prev_id with the id
> sent.
> 
> 
> Some other issues, if other parts of the cookie are altered, then
> maybe rather than just examining the ID, the entire cookie should be
> remembered.
> 
> 
> Assuming that the cookie would be identical, repeatedly sending it to
> the client when the session is repeatedly opened is a pain and I think
> can easily be fixed.
> 
> 
> Thank you for your time.
> 
> Richard Quadling.
> 
> 
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFF+EeF1nS0RcInK9ARAv+4AJ0U9vghOlKO5rIyxh3CmYDDXOe8zwCfXPOn
3EQjSg8mMEgVQVpiLwMBja4=
=+5S8
-----END PGP SIGNATURE-----