Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:64421
Return-Path: <yohgaki@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 7988 invoked from network); 24 Dec 2012 06:33:02 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 24 Dec 2012 06:33:02 -0000
Authentication-Results: pb1.pair.com header.from=yohgaki@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=yohgaki@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.215.49 as permitted sender)
X-PHP-List-Original-Sender: yohgaki@gmail.com
X-Host-Fingerprint: 209.85.215.49 mail-la0-f49.google.com  
Received: from [209.85.215.49] ([209.85.215.49:35396] helo=mail-la0-f49.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id B9/F6-32426-D17F7D05 for <internals@lists.php.net>; Mon, 24 Dec 2012 01:33:01 -0500
Received: by mail-la0-f49.google.com with SMTP id r15so8148855lag.36
        for <internals@lists.php.net>; Sun, 23 Dec 2012 22:32:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:sender:in-reply-to:references:from:date
         :x-google-sender-auth:message-id:subject:to:cc:content-type;
        bh=9mhb5kHWWwKtp+A8mrBEvg9t+CaqeOJejbRcVnqU+jA=;
        b=sqg1KYxkX3VMYskYNA8dYehaD/iqRC72u7AHmHH6y2k7C6wVHHP5e8sZsowyUt8I6j
         dNSE2km+/LsssJOGKoQfsLuc32Ld3NCyZ1+kRd5269DAtBvcTXI5RKm/cXz0ouGh4KkM
         1dYrRfHutMc/Lhk4Zqi53PyshNlrp6+psxyG4MvJ5I1TJprhhzC6G/TaU/VRH3zDYDqE
         FWNwq3T/O/6f+8UkwCQUeV/LdriNLrOEOvuENeuldQlz0f9WmK48Cb7lSEznCExnG5P8
         2z3/g0PzykfULB5hE/tlPQX5u3M1qKuir0GDhx0DxPbEO5qVWxM+ARKqP69We0TgwhRJ
         ZJCg==
Received: by 10.112.85.35 with SMTP id e3mr7810165lbz.106.1356330778019; Sun,
 23 Dec 2012 22:32:58 -0800 (PST)
MIME-Version: 1.0
Sender: yohgaki@gmail.com
Received: by 10.114.77.130 with HTTP; Sun, 23 Dec 2012 22:32:17 -0800 (PST)
In-Reply-To: <CAGa2bXaMYxD3-mbATK0WfEryVEvjHE8m2RnujTauLN8t1S+H6w@mail.gmail.com>
References: <CAJRMtAGcN-n9wv8-CFiLt+bXhMvOcmfG8a3kBORVUVCz9n4Bqw@mail.gmail.com>
 <50364644.1060302@lerdorf.com> <CAJRMtAH=-B8+M6+kMrpKQZ=Yg2ASa5iv=JCUbjvHkw0UFmw73w@mail.gmail.com>
 <CAL+t6cHj4p=RLwSRGX789w-CswZQd_XtuL364KRBsc66ROdmJA@mail.gmail.com>
 <CAGa2bXY2+kDx32evFmFqUD3P1L6x=PypnVJTuj_mP2853QWQKw@mail.gmail.com>
 <5039D249.30707@sugarcrm.com> <CAGa2bXZso_S3fOUogqMwiTYJKtK3KZH5Fs8GZApxMnT+DwgpbQ@mail.gmail.com>
 <CAGa2bXauBFja+BJcLxiE5t5rnfna1QDt3iTRdYr04a1ExFz7+A@mail.gmail.com>
 <503A968A.4070206@sugarcrm.com> <CAGa2bXaMYxD3-mbATK0WfEryVEvjHE8m2RnujTauLN8t1S+H6w@mail.gmail.com>
Date: Mon, 24 Dec 2012 15:32:17 +0900
X-Google-Sender-Auth: v-JcyF-IDTYbrJYyd8-vZXmXmxk
Message-ID: <CAGa2bXZ3pYiO5Lfn5NS-vuPBk_X6SUsr6Qsswya6mx0S3SjgeQ@mail.gmail.com>
To: Stas Malyshev <smalyshev@sugarcrm.com>
Cc: Sherif Ramadan <theanomaly.is@gmail.com>, PHP Internals <internals@lists.php.net>
Content-Type: text/plain; charset=ISO-8859-1
Subject: Re: [PHP-DEV] Session Id Collisions
From: yohgaki@ohgaki.net (Yasuo Ohgaki)

Hi stats and others,

Sorry for the delay.
I've finally updated the strict session patch.

Following diff is against PHP-5.3, but 5.4 and others will be mostly the same.

https://github.com/yohgaki/php-src/commit/42dcd8ef7cd2f9f2071b16586822dadd647c96ef

I was promised to create separate patch for session id collision detection, but
the patch is also in the diff. I left comments for the "if" statement handles
collision. If you still prefer to have separate patch, I'll do it when
I send pull requests.

If nobody has comment, I'll create patch for 5.4.

If you read this patch closely, you'll see that this patch accesses
PS(id) global directly due to limitation of current API. It would be
good to have new API for 5.5, I think.

BTW, this patch fixes bug #60634 as a side effect also.
https://bugs.php.net/bug.php?id=60634

Comments are appreciated.

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net