Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:57456
Return-Path: <yohgaki@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 76034 invoked from network); 20 Jan 2012 08:24:26 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 20 Jan 2012 08:24:26 -0000
Authentication-Results: pb1.pair.com header.from=yohgaki@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=yohgaki@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.213.170 as permitted sender)
X-PHP-List-Original-Sender: yohgaki@gmail.com
X-Host-Fingerprint: 209.85.213.170 mail-yx0-f170.google.com  
Received: from [209.85.213.170] ([209.85.213.170:56080] helo=mail-yx0-f170.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id D4/75-42843-9B4291F4 for <internals@lists.php.net>; Fri, 20 Jan 2012 03:24:26 -0500
Received: by yenq1 with SMTP id q1so143396yen.29
        for <internals@lists.php.net>; Fri, 20 Jan 2012 00:24:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=mime-version:sender:in-reply-to:references:from:date
         :x-google-sender-auth:message-id:subject:to:cc:content-type;
        bh=3WwYmmOvd2JLlyfH+GCyNnLo4oGvpHV3KNpIUdGQeA8=;
        b=O/kfJqV7aP2RwSQ5PZE3h5Y6c+fz9jm2d/Lj6P1qL1HNXBLTJ7c+eXl7gTRnh+Roj3
         MoSGcrcs96qFOREbjR1e/dXr2HY20ByP72ZDI8npGQG7dyc3y0GLJzO5gJtCuYoVmapa
         Nz5LOASz/pVCWrsYFasrW5rJ9fSj6u6/000Ss=
Received: by 10.236.182.7 with SMTP id n7mr28239659yhm.32.1327047863122; Fri,
 20 Jan 2012 00:24:23 -0800 (PST)
MIME-Version: 1.0
Sender: yohgaki@gmail.com
Received: by 10.100.43.13 with HTTP; Fri, 20 Jan 2012 00:23:42 -0800 (PST)
In-Reply-To: <4F1912CB.9030404@sugarcrm.com>
References: <4F08C9D9.9050009@sugarcrm.com> <CAGa2bXaGL4op5cNisxTwP-txnXn_jfD1yA73sBajEk_vVX+L7g@mail.gmail.com>
 <4F18C9A5.9070607@sugarcrm.com> <CAGa2bXaYw2+9FFHafUTCefAP7MQLdohRgF-KQKMEXv1PVk9yLA@mail.gmail.com>
 <4F1912CB.9030404@sugarcrm.com>
Date: Fri, 20 Jan 2012 17:23:42 +0900
X-Google-Sender-Auth: 8hd1k-5Mc6GKDNOlFUV22wjK9n0
Message-ID: <CAGa2bXazTYMXr3E5jQQHj5m1bw2N_zKrfNcjntersbY_CjYC8Q@mail.gmail.com>
To: Stas Malyshev <smalyshev@sugarcrm.com>
Cc: PHP Internals <internals@lists.php.net>
Content-Type: text/plain; charset=ISO-8859-1
Subject: Re: [PHP-DEV] Code freeze for 5.4
From: yohgaki@ohgaki.net (Yasuo Ohgaki)

Hi Stats,


2012/1/20 Stas Malyshev <smalyshev@sugarcrm.com>:
> Hi!
>
>
>> Hi Stats,
>>
>> Ok, I'll hold committing to 5.4, but commit it only to trunk.
>>
>> Any comments form anyone? for committing to trunk?
>> Patch details and user land counter measure are in RFC.
>
>
> Re-reading the discussion, I see that the question of why we need separate
> validator handler is still unresolved. I think we were left with this:

It's for reduced complexity. With separate validation function, we can
 - reduce PS module writer's choice whether validation belong to
   PS_OPEN_FUNC() or PS_READ_FUNC() session data. Validation
   always belongs to PS_VALIDATE_SID_FUNC().
 - inform user save handler (PHP script save handler) writers that they are
   responsible to validate session ID.

We can make new session ID in PS_OPEN_FUNC() or PS_READ_FUNC() always
when ID is not already initialized one, by calling private validation
function from
PS_OPEN_FUNC() or PS_READ_FUNC(). However, I think it's more cleaner to
keep PS module's modular architecture.

Current session module's code is complex enough. Not many people would
understand
the logic at a glance. New PS module writers should always write SID validation
function. Separate API is easier for most people, I suppose.

However, if you insist, I'm ok to modify patch so that it validates
session ID in
PS_READ_FUNC().

>
>
>> In this case, users cannot distinguish whether PS module is adoptive or
>> not.
>
>
> But this can be solved by documentation, unless you mean "users in the code"
> - but then I don't see how having new handler would help as PHP code can not
> really check for this handler, can it? So the question why we need such
> handler is still open.
> However if we would have binary compatible patch it probably would be ok for
> 5.4.1.

Choice is yours.

If it's ok to add structure members that requires current patch,
I'll commit new module structure now. And I'll commit the rest
for 5.4.1.

If you prefer to maintain current structure/API, I'll modify patch.
I would like to add strict session to PHP 5.3, so I have to do that anyway
for binary compatibility.

Regards,

--
Yasuo Ohgaki