Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:60985 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 88534 invoked from network); 27 Jun 2012 11:37:14 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 27 Jun 2012 11:37:14 -0000 Authentication-Results: pb1.pair.com smtp.mail=leight@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=leight@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.216.51 as permitted sender) X-PHP-List-Original-Sender: leight@gmail.com X-Host-Fingerprint: 209.85.216.51 mail-qa0-f51.google.com Received: from [209.85.216.51] ([209.85.216.51:55482] helo=mail-qa0-f51.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 68/D3-02132-860FAEF4 for ; Wed, 27 Jun 2012 07:37:14 -0400 Received: by qaea16 with SMTP id a16so824728qae.10 for ; Wed, 27 Jun 2012 04:37:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=97KiqCu/SVztKjgI1h0KxF8FI7T0dbAiusf4qXOzhxE=; b=MoS176O03I6pQ+wA7xfxId7tEQcqPO8FO38Oa88jFdQF8IdI1NSURmkAW0QGNtr0aU kP5CZh4AL1mscwpzQpxE8LKPp62lWOTYnmdeSr7Esgp5K4f8fUFO9YZ/6PI+WzsIaA7f FOlpPn1rVObku+75tgDMpqFFkf9Tk/WmMIhDEWGEb9eketYO5cqv0moh93cr5uyhAVfO ZDwIZ/9nBtlPBB97DBPEtr4vw8EMMbjeCEuGxd08WdhrLGjGHvFF0MAdM1AD4JOU3G65 geCVy5AkmvqJiFW2hqOEs4pGoSa7O38gHR0QrWnG/oIDyGPihWYbz3C9GRJF+/tiJ5Ng iJFw== MIME-Version: 1.0 Received: by 10.229.135.84 with SMTP id m20mr8590421qct.89.1340797030454; Wed, 27 Jun 2012 04:37:10 -0700 (PDT) Received: by 10.229.51.17 with HTTP; Wed, 27 Jun 2012 04:37:10 -0700 (PDT) Date: Wed, 27 Jun 2012 12:37:10 +0100 Message-ID: To: internals@lists.php.net Content-Type: multipart/alternative; boundary=00248c6a6732b758ff04c372a2f1 Subject: Session Handler enhancement (create_sid) From: leight@gmail.com (Leigh) --00248c6a6732b758ff04c372a2f1 Content-Type: text/plain; charset=ISO-8859-1 Session Handler enhancement (create_sid) I would like to propose a new feature to the current custom session handling; the ability for a user defined function to be used when generating the session id. The reasons are as follows: The Session Handler doesn't know when session_regenerate_id is used. If you want to set custom session identifiers, you have to use a replacement for session_regenerate_id. This prevents a session handler being dropped in to existing code without modification to that code. The flexibility given to sid generation using session.hash_function and session.hash_bits_per_character is still quite restrictive. I particularly dislike the chosen character set for session.hash_bits_per_character = 6, as the comma will always be urlencoded to %2C prior to being sent as a cookie. Existing code caters for a custom sid function (and has done since PHP 4), but it is not implemented. ps_module_struct already has a placeholder for s_create_sid, but it is hard-mapped to an internal function. The modifications required to allow a user function are minimal. I have created a patch/pull-request: https://github.com/php/php-src/pull/109 Regarding BC, I have implemented it such that supplying individual callbacks to session_set_save_handler is backwards compatible. The 7th argument is optional and if no callback is supplied the default is used. However when calling session_set_save_handler with a SessionHandler object, BC is broken. It is possible to preserve BC with a few changes but that means the interface would have to be incomplete. I think it is less evil to break BC for this relatively new feature (by new feature I mean the SessionHandler class - not create_sid), than it is to have a built-in class that doesn't match its associated built-in interface. --00248c6a6732b758ff04c372a2f1--