Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:68372 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 88395 invoked from network); 5 Aug 2013 09:22:50 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 5 Aug 2013 09:22:50 -0000 Authentication-Results: pb1.pair.com smtp.mail=arraypad@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=arraypad@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.217.173 as permitted sender) X-PHP-List-Original-Sender: arraypad@gmail.com X-Host-Fingerprint: 209.85.217.173 mail-lb0-f173.google.com Received: from [209.85.217.173] ([209.85.217.173:57811] helo=mail-lb0-f173.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id AA/CC-06453-9EE6FF15 for ; Mon, 05 Aug 2013 05:22:49 -0400 Received: by mail-lb0-f173.google.com with SMTP id 10so1904255lbf.4 for ; Mon, 05 Aug 2013 02:22:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=8gahQQn6ri4nrvBaQeBftuPf4TrenWEXoNCMBK6cDv8=; b=UekUA5rYL+vQ6eFn5QOEDwzzl5/bLa2W3LKaSfwz/TU52vramp+Ebj1/svN50LLdKB cedsqWL2T0ifQ5wswVcOqBci+1+dN9xkksaRtqdhZsyNzhJ7MJJcIKslzO4BP2agFU5e nZm8fVAuQj69QovvdMOQd9QFAp4G6ywIJ8+calMxP+f3LchWcA6rFz52rnpcZ/iZkN4h HWYi2T9Rm3A+0UKyd4d2j2I4ucdr2CDwosivZ5qV6Y3C39j/7HOdgduNlDty9+rHU84A +e4JQ82qGyp9Qdo5o2LCUBVxJ+7GjFWs4qnPuiaKKquJEAFnWqL0QSgeN2w3oJbMt0Qh eHuQ== MIME-Version: 1.0 X-Received: by 10.152.8.12 with SMTP id n12mr8221746laa.10.1375694565188; Mon, 05 Aug 2013 02:22:45 -0700 (PDT) Received: by 10.112.132.201 with HTTP; Mon, 5 Aug 2013 02:22:45 -0700 (PDT) In-Reply-To: References: <50364644.1060302@lerdorf.com> <5039D249.30707@sugarcrm.com> <503A968A.4070206@sugarcrm.com> <51FEEEAF.1070705@sugarcrm.com> <51FEF5AA.5060409@sugarcrm.com> Date: Mon, 5 Aug 2013 10:22:45 +0100 Message-ID: To: Yasuo Ohgaki Cc: Stas Malyshev , PHP Internals Content-Type: multipart/alternative; boundary=001a11c365b6e0b0bd04e32fd971 Subject: Re: [PHP-DEV] Session Id Collisions From: arraypad@gmail.com (Arpad Ray) --001a11c365b6e0b0bd04e32fd971 Content-Type: text/plain; charset=ISO-8859-1 Hi, On Mon, Aug 5, 2013 at 2:01 AM, Yasuo Ohgaki wrote: > Thank you for noticing crash. Data can be null, so the fix is OK. > Removing the limitation that prohibits setting session ID is fine for me, > too. > > Please, apply your patch. I thought we were in agreement about doing this properly in PHP.next? My arguments against this version of the patch still stand: On Thu, Jun 27, 2013 at 11:51 AM, Yasuo Ohgaki wrote: > Hi Arpad, > > 2013/6/27 Arpad Ray > >> I see the strict mode check is now implemented in the handlers and not >> session.c, presumably to keep ABI, but this means code is duplicated and >> the setting only actually works if the handler supports it. It's >> unfortunate timing since 5.5 has just gone, but I think it would make much >> more sense to have a new function in the structure (as in your original >> patch) and do this only in PHP.next. >> >> Having such an ini setting which quietly fails if using an unsupported >> handler is not good. I guess you could keep a whitelist of supported >> handlers but that's also obviously far from ideal. >> > > Thank you for comment. > > There are plenty of time before 5.6 release, I would like to fix ps_module > API also. Current implementation requires ps_modules to access PS(id) to > prevent rare case of crash. I'll try to implement a little better API for > ps_modules. > Arpad --001a11c365b6e0b0bd04e32fd971--