Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:70124 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 47983 invoked from network); 14 Nov 2013 20:01:19 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 14 Nov 2013 20:01:19 -0000 Authentication-Results: pb1.pair.com smtp.mail=adam@adamharvey.name; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=adam@adamharvey.name; sender-id=pass Received-SPF: pass (pb1.pair.com: domain adamharvey.name designates 209.85.219.49 as permitted sender) X-PHP-List-Original-Sender: adam@adamharvey.name X-Host-Fingerprint: 209.85.219.49 mail-oa0-f49.google.com Received: from [209.85.219.49] ([209.85.219.49:48188] helo=mail-oa0-f49.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id BC/61-40965-F0C25825 for ; Thu, 14 Nov 2013 15:01:19 -0500 Received: by mail-oa0-f49.google.com with SMTP id h16so2815578oag.36 for ; Thu, 14 Nov 2013 12:01:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=adamharvey.name; s=google; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type:content-transfer-encoding; bh=JADEhEup+mF/ijIj4w86RF9xRSW/YuBG6pocp2jb6xI=; b=BkQiVTIaIaMafgzynJKy01qM2vk9HURyl7/tF8tL5kSXa2KusSogirkIrL1HaRQDOK rxwvlt/mkilVlEp0MbTz/3TwQJapj2rwIAf4jTzXAIWu5YRGkcPkAjI5ZQnK+b9HKLMV B5ObwUttQ1iiW+mm5aH34lfC1hoW5c0O9l6s0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc:content-type :content-transfer-encoding; bh=JADEhEup+mF/ijIj4w86RF9xRSW/YuBG6pocp2jb6xI=; b=DGxI1zXIoojqKEAzqt769ehd01sNmelcV4oTZdzvENXJNu5MqpfliXxTdGuACDe2jw 7qcHLsOIYWdjkMWbWBlNd5wnLjUk3tPGbXNH6D9tBpzpsZ/qCFIJoj5RF9/7dE1KO8N5 QGM8ocS+9MkICgIFN4JkgZASBhJDMfwTheKCYDaayVhiaZdeGlRqfHAn3uPSNbVk53hU SrvdeDLtIQefnF5S2xrWIpIesMAv5rI0+G/ArpdKMyi92McQvVOMstjEwVlYhBZiGEsr xpm/+FHcfFCk74cR7waiZCuYDsZegnmHnjoClXjiTx9PP5/QuHRSaGTf1x8nSBjsUoxI bkRQ== X-Gm-Message-State: ALoCoQkFF+YvdwhWwNgSiIfTww/rG6s2Py++RrN8vxjO90nqMDbGw/o4PgQ+9RBxhokF7jlhGAf8 X-Received: by 10.182.92.138 with SMTP id cm10mr3185607obb.95.1384459276940; Thu, 14 Nov 2013 12:01:16 -0800 (PST) MIME-Version: 1.0 Sender: adam@adamharvey.name Received: by 10.76.178.161 with HTTP; Thu, 14 Nov 2013 12:00:56 -0800 (PST) In-Reply-To: References: Date: Thu, 14 Nov 2013 12:00:56 -0800 X-Google-Sender-Auth: GEcUoRppPinyz_jnuzLuVJa5kTg Message-ID: To: Yasuo Ohgaki Cc: "internals@lists.php.net" Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Subject: Re: [PHP-DEV] Re: Session cache, lock and write From: aharvey@php.net (Adam Harvey) On 14 November 2013 11:54, Yasuo Ohgaki wrote: > I also would like to add "session deletion delay" to mitigate session > deletion > race condition by adding deletion time in session data. (i.e > session_regenerate_id(true) > may create multiple valid sessions. This can be mitigated by having this) > > session.deletion_delay =3D int (by default 0 =3D delete immediately. 10 f= or 10 > sec later) > > If there is $_SESSION['__SESSION_EXPIRE__'] and expired, new session ID i= s > created > automatically. > > I would like to hear comments for this also. As a nitpick, I think I'd rather this was controlled by a function than a magic $_SESSION key, at least in userland =E2=80=94 conceptually, it= 's simpler to explain to users if everything in $_SESSION is always persisted and it never affects behaviour. +1 on the idea, though. Adam