Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:70137
Return-Path: <yohgaki@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 71423 invoked from network); 14 Nov 2013 21:48:29 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 14 Nov 2013 21:48:29 -0000
Authentication-Results: pb1.pair.com header.from=yohgaki@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=yohgaki@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.217.169 as permitted sender)
X-PHP-List-Original-Sender: yohgaki@gmail.com
X-Host-Fingerprint: 209.85.217.169 mail-lb0-f169.google.com  
Received: from [209.85.217.169] ([209.85.217.169:61001] helo=mail-lb0-f169.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id B2/04-53459-B2545825 for <internals@lists.php.net>; Thu, 14 Nov 2013 16:48:28 -0500
Received: by mail-lb0-f169.google.com with SMTP id x18so912171lbi.14
        for <internals@lists.php.net>; Thu, 14 Nov 2013 13:48:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc:content-type;
        bh=0Bp2VSGLOA/b+TIL5QKGUu1ojgYeQVINr3PhyvOiif8=;
        b=eUzXsJ14bQnERjfel0Y1+MV2QFjEUaqaIvl51IjMYDn9c+ufeVUN6qgdSlnbZJoOXB
         Mimx2Q8bB7PZUM0g9pRSvzmu8+5MzdRuH+F8oRaNsuQvs+TIS0uq0MxEl6+YYqVWEqus
         DDXaFEgGmNuMudF5C8diVxDlMndCeG0goFyLkeFaC9OFmgyUJjalTbxypQwZHOFVJxpP
         vMl0iSxUw36HbgX2n7JOgwJ7u9kBsIN2bU/4yRNmL9q0OmRJZiZcJQsP2aiYcYWHaInR
         wbVfA4ElmDnNqnjpbDAuIdKcjkoUx+6PjRkek4dpi8JVRo2eexeDnoBYq6Gv1A+bFdLa
         EbgA==
X-Received: by 10.152.170.133 with SMTP id am5mr2063897lac.9.1384465705161;
 Thu, 14 Nov 2013 13:48:25 -0800 (PST)
MIME-Version: 1.0
Sender: yohgaki@gmail.com
Received: by 10.112.154.201 with HTTP; Thu, 14 Nov 2013 13:47:45 -0800 (PST)
In-Reply-To: <528541CD.1040706@sugarcrm.com>
References: <CAGa2bXb7hR=jkHnxrBDXnSZkN7B6cDVPj_Nve2=tWS4_AmmOKg@mail.gmail.com>
 <CADajX4CJ061_1b__TAT_6vjNJ9Z+_N6bqN2CA63d+8gvxf4BXQ@mail.gmail.com>
 <5285390D.6000106@sugarcrm.com> <CAGa2bXZ99mW003=wZ021gNUxVJ3z6KxUUYMUYJh3QdiDEwQFRA@mail.gmail.com>
 <52853E69.5040104@sugarcrm.com> <CAGa2bXZjF_WVynzRyMRaF6XYC2DYYb36fO+nFp9cJ3MaaHbaZA@mail.gmail.com>
 <528541CD.1040706@sugarcrm.com>
Date: Fri, 15 Nov 2013 06:47:45 +0900
X-Google-Sender-Auth: 7O8xsLYTT-TgOzLqdAX1WdJID7E
Message-ID: <CAGa2bXYbOFdD-yusRE9KeDb6QdeYibMW8kABruV2k5xkH=cn2Q@mail.gmail.com>
To: Stas Malyshev <smalyshev@sugarcrm.com>
Cc: Adam Harvey <aharvey@php.net>, "internals@lists.php.net" <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=089e0117720f8f7d2204eb2a0aee
Subject: Re: [PHP-DEV] Session cache, lock and write
From: yohgaki@ohgaki.net (Yasuo Ohgaki)

--089e0117720f8f7d2204eb2a0aee
Content-Type: text/plain; charset=UTF-8

Hi Stas,

On Fri, Nov 15, 2013 at 6:34 AM, Stas Malyshev <smalyshev@sugarcrm.com>wrote:

> > I agree.
> > This behavior could be dangerous just like SQL without transaction.
>
> No, it is way, way more dangerous. SQL only changes the rows it touches,
> session saves the whole session. It would be as if every SQL statement
> would read whole database when you start the application, changed
> something and then wrote the whole database - even the data you never
> intended to touch - back to the disk, wiping out all the changes in all
> other tables other applications changed since you have read it. Unlike
> SQL, which operates only on small piece of data at a time usually,
> session writes the whole thing in one bunch. There is no partial reads
> in writes. So situation here is not even close to SQL - it is way worse.
> The frame of breakage is much larger and the breakage is practically
> guaranteed to occur.
>
> > It's dangerous, but if user know what they are doing, it could be safe
> and
> > application runs faster. This should be documented well. IMO.
>
> I don't think there's a user that knows that they are doing enough to
> use such thing (because that means they have to know exactly how every
> request in their app ever is serialized and what the exact timing of
> every request is, now and forever in the future, and I do not see how it
> is feasible). There might be ones that think they do, but that would be
> a dangerous delusion, and I don't think we should support it.


I agree your concern and I knew well what could be wrong since
I forgot to set "serializable" transaction option when I made session_pgsql
save handler.

However, I think this feature would be nice as optional feature with
BIG caution.

I hope many users are used to "unlocked" session data already thanks
to memcached/memcache/mongodb session save handlers.

I'll make this a voting option.

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net

--089e0117720f8f7d2204eb2a0aee--