Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:69760 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 4910 invoked from network); 22 Oct 2013 11:16:59 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 22 Oct 2013 11:16:59 -0000 Authentication-Results: pb1.pair.com smtp.mail=tyra3l@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=tyra3l@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.223.172 as permitted sender) X-PHP-List-Original-Sender: tyra3l@gmail.com X-Host-Fingerprint: 209.85.223.172 mail-ie0-f172.google.com Received: from [209.85.223.172] ([209.85.223.172:63127] helo=mail-ie0-f172.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id D0/11-10840-AAE56625 for ; Tue, 22 Oct 2013 07:16:59 -0400 Received: by mail-ie0-f172.google.com with SMTP id tp5so1431490ieb.3 for ; Tue, 22 Oct 2013 04:16:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=CdeSHhbGO7LUp7W9OKjqc7v/oWKFqO1FDXRBpS+/7Hk=; b=ah0Rv903xyupmYhLQ3X1HBFs3tViVAZPUgKiHIcCfaJ0TQGjg0aSkj4uma8LYPEHP4 5q6P1Gs6r+Nq/BXOZ6l+isH4oVSYL3jwxDkDP8dQjL0aGdyz3xCXgBK+2jAsp0o52fcz krCAsP2xNjoOCg1atvkPSVm4l9OzYRRu/nJO36i2RAh9JLyt2qCWD60z14/yCEVVPf8M VEX2pv2WLyf9LRQ11haxEZz9yuq9ApSBSXxHT3owXjUJWDaIjpFCk47VBhaqFD60+xZq kn8giPbr2uAocW5om8Hi/H3Bams5VwXIb1HMntMOY8pYk10qlKS2mTaA8HidrwYyO0i3 p74w== MIME-Version: 1.0 X-Received: by 10.50.97.7 with SMTP id dw7mr13176054igb.2.1382440616213; Tue, 22 Oct 2013 04:16:56 -0700 (PDT) Received: by 10.50.73.42 with HTTP; Tue, 22 Oct 2013 04:16:56 -0700 (PDT) In-Reply-To: References: Date: Tue, 22 Oct 2013 13:16:56 +0200 Message-ID: To: Patrick Schaaf Cc: internals , Yasuo Ohgaki Content-Type: multipart/alternative; boundary=047d7b10c853da489d04e95289ab Subject: Re: [PHP-DEV] session_regenerate_id(true) by default From: tyra3l@gmail.com (Ferenc Kovacs) --047d7b10c853da489d04e95289ab Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Tue, Oct 22, 2013 at 1:10 PM, Patrick Schaaf wrote: > > Am 22.10.2013 12:48 schrieb "Ferenc Kovacs" : > > > We could we add an E_DEPRECATED for the session_regenerate_id(false) > usage > > for 5.6 instead. > > I might find that useful for the session_regenerate_id() case, i.e. when > using the default, but IMHO there are perfectly valid reasons to keep the > previous session active in a controlled way. > > Working on the issue for our own application, I'm in the process of > teaching our session wrapping class to regenerate ID often - but when doi= ng > so, first setting up the previous session ID with two pieces of > information: a short timeout of 20 seconds or something like that, and a > "forwarding ID" which references the new session ID. > > I want to do this because I want to regenerate IDs often (also based on a > rather short timeout), and I'm concerned about parallel in-flight request= s > - a high probability reality with ajax getting more and more traction - > still presenting the old session ID a second or two after a request > determined to regenerate. > > BTW and a bit off-topic: is there a good reason for session_write_close > not returning a success indicator? Right now it spams the log with a > misleading message, but gives me no chance (short of setting up a global > error handler to catch and handle that message) to see (and maybe retry / > use a fallback) on failure > > best regards > Patrick > you could do @session_write_close() and error_get_last() instead of the global handler, but I think that it is a good idea and would be a trivial and backward compatible change. --=20 Ferenc Kov=C3=A1cs @Tyr43l - http://tyrael.hu --047d7b10c853da489d04e95289ab--