Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:47003 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 69220 invoked from network); 19 Feb 2010 16:49:51 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 19 Feb 2010 16:49:51 -0000 Authentication-Results: pb1.pair.com header.from=chris_se@gmx.net; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=chris_se@gmx.net; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmx.net designates 213.165.64.20 as permitted sender) X-PHP-List-Original-Sender: chris_se@gmx.net X-Host-Fingerprint: 213.165.64.20 mail.gmx.net Received: from [213.165.64.20] ([213.165.64.20:56276] helo=mail.gmx.net) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id F0/A3-57104-D21CE7B4 for ; Fri, 19 Feb 2010 11:49:51 -0500 Received: (qmail invoked by alias); 19 Feb 2010 16:49:46 -0000 Received: from p54A150A9.dip.t-dialin.net (EHLO chris-se.dyndns.org) [84.161.80.169] by mail.gmx.net (mp025) with SMTP; 19 Feb 2010 17:49:46 +0100 X-Authenticated: #186999 X-Provags-ID: V01U2FsdGVkX1//gv5EkZL/bjqmUyy7ggTW55deGII9oVHhN7MxaJ d2HlojP5GZWi5N Received: from [192.168.0.175] (HSI-KBW-091-089-022-117.hsi2.kabelbw.de [91.89.22.117]) by chris-se.dyndns.org (Postfix) with ESMTP id A618E3F7C; Fri, 19 Feb 2010 17:49:44 +0100 (CET) Message-ID: <4B7EC0FD.4000508@gmx.net> Date: Fri, 19 Feb 2010 17:49:01 +0100 User-Agent: Thunderbird 2.0.0.21 (X11/20090302) MIME-Version: 1.0 To: Hannes Magnusson CC: php-dev List References: <4B7EB41D.9060207@gmx.net> <7f3ed2c31002190827l136e25dfgb7336ad8668ca65b@mail.gmail.com> In-Reply-To: <7f3ed2c31002190827l136e25dfgb7336ad8668ca65b@mail.gmail.com> X-Enigmail-Version: 0.96.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Y-GMX-Trusted: 0 X-FuHaFi: 0.64000000000000001 Subject: Re: [PHP-DEV] Execution point of session save handler on shutdown From: chris_se@gmx.net (Christian Seiler) Hi, >> I have been investigating a problem occuring when using APC in >> combination with userspace session save handlers. This has been reported >> multiple times both in the APC and PHP bugtrackers, bugs related to this >> issue include (but are most likely not limited to): > > This has been documented feature for several years. > You should explicitly call session_write_close() when your custom > session handler is a userspace object. I would consider this a work-around to a design issue - but not a solution. With other extensions, I could imagine even crashing PHP in this way if a suitable extension is loaded - assume such an extension has some global state initialized on RINIT and deinitialized on RSHUTDOWN, and then after de-initialization the user-space session handler kicks in and tries to do something with the extension - all kinds of weird things could happen. If you say: ok, we want to force the user to use session_write_close(), then we should make sure php_session_flush() is only called at the end of the script if no userspace handler is installed, else emit a warning or whatever (if that's even possible at that point because output was already flushed completely). But even then you still have the problem with serialization. If you put an object into your $_SESSION data that has a __sleep function - and that __sleep function uses some kind of other functionality other than returning a simple array, you will run into problems. And that is the case regardless of whether you use a userspace session handler. I don't think that ANY extension should use the engine to execute userspace code in RSHUTDOWN - at all. If an extension does such a thing, I'd consider the resulting behaviour undefined and prone to all sorts of trouble. Regards, Christian