Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:70126 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 51743 invoked from network); 14 Nov 2013 20:37:12 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 14 Nov 2013 20:37:12 -0000 Authentication-Results: pb1.pair.com header.from=yohgaki@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=yohgaki@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.215.44 as permitted sender) X-PHP-List-Original-Sender: yohgaki@gmail.com X-Host-Fingerprint: 209.85.215.44 mail-la0-f44.google.com Received: from [209.85.215.44] ([209.85.215.44:57478] helo=mail-la0-f44.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id EA/22-40965-77435825 for ; Thu, 14 Nov 2013 15:37:12 -0500 Received: by mail-la0-f44.google.com with SMTP id ep20so2086782lab.31 for ; Thu, 14 Nov 2013 12:37:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=vWc4Sa9cw0Y5q+iccmrM/EAc5Oco/IWLdU0Lh8vGbG8=; b=sPgXaAZM6xf/nUwDa9/c4JyVneu35MjtuZd7X7/oRaC84FdsmE4AM+FrtaLRIq3KSG ZlO/M9/YSILLpC58ofjVgar5r+fj0wFL6z6kYmNRb6NeMsIkEED82/3NTjj7y/Eb3mIV mss9J+TLABO7SgnIYxDYkoP6C4txOR3y53RUn46YFOHu9DrzGatqAhsjcx4t1PkJRWYc mslEIIzT1i9afj3q33QZA0UQgyoZTBoktkeHmOPQ8fRepyFXUjbsKxEUs7eQ0dssVVvB 0TC0DIZjGlYmzMtYNDDXZLgXoRJx+eNeYXPrhf2w6lKzfJm0t+4DLS2fFMlTjEdTSP2W y0kw== X-Received: by 10.152.25.232 with SMTP id f8mr1861920lag.43.1384461427888; Thu, 14 Nov 2013 12:37:07 -0800 (PST) MIME-Version: 1.0 Sender: yohgaki@gmail.com Received: by 10.112.154.201 with HTTP; Thu, 14 Nov 2013 12:36:27 -0800 (PST) In-Reply-To: References: Date: Fri, 15 Nov 2013 05:36:27 +0900 X-Google-Sender-Auth: 5kS6gtNczKUBlhPSksIUBnaoOoQ Message-ID: To: Adam Harvey Cc: "internals@lists.php.net" Content-Type: multipart/alternative; boundary=089e0158b5389d579704eb290b61 Subject: Re: [PHP-DEV] Re: Session cache, lock and write From: yohgaki@ohgaki.net (Yasuo Ohgaki) --089e0158b5389d579704eb290b61 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hi Adam, On Fri, Nov 15, 2013 at 5:00 AM, Adam Harvey wrote: > On 14 November 2013 11:54, Yasuo Ohgaki wrote: > > I also would like to add "session deletion delay" to mitigate session > > deletion > > race condition by adding deletion time in session data. (i.e > > session_regenerate_id(true) > > may create multiple valid sessions. This can be mitigated by having thi= s) > > > > session.deletion_delay =3D int (by default 0 =3D delete immediately. 10= for > 10 > > sec later) > > > > If there is $_SESSION['__SESSION_EXPIRE__'] and expired, new session ID > is > > created > > automatically. > > > > I would like to hear comments for this also. > > As a nitpick, I think I'd rather this was controlled by a function > than a magic $_SESSION key, at least in userland =E2=80=94 conceptually, = it's > simpler to explain to users if everything in $_SESSION is always > persisted and it never affects behaviour. > > +1 on the idea, though. Thank you for your comment. I was wandering which is better, adding new API for expire time or just add expire time magic value to $_SESSION. Adding expire time to $_SESSION, is easy and no new API is needed, but it looks bad, I agree. Adding new API is clean, but it will requires additional operations to save handlers which might slow down performance. Magic value looks bad, while it's simpler and faster. This could be vote option. Regards, -- Yasuo Ohgaki yohgaki@ohgaki.net --089e0158b5389d579704eb290b61--