Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:71546 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 27384 invoked from network); 25 Jan 2014 03:09:49 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 25 Jan 2014 03:09:49 -0000 Authentication-Results: pb1.pair.com header.from=narf@devilix.net; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=narf@devilix.net; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain devilix.net designates 209.85.216.193 as permitted sender) X-PHP-List-Original-Sender: narf@devilix.net X-Host-Fingerprint: 209.85.216.193 mail-qc0-f193.google.com Received: from [209.85.216.193] ([209.85.216.193:45521] helo=mail-qc0-f193.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 25/F2-11879-CFA23E25 for ; Fri, 24 Jan 2014 22:09:48 -0500 Received: by mail-qc0-f193.google.com with SMTP id m20so1883366qcx.8 for ; Fri, 24 Jan 2014 19:09:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=devilix.net; s=google; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=3i9WC1f9YO/i47M5guj6XqTKKaOOt6hDezj+jzZr3jk=; b=mM3dkqnfzP3QBPGiCcwTHIJpPy/G7f7IQ7P1d+ZQjqMS1iMWVXH9Vdu7LXl5varR6J wmJpa6AoenKHlTPDaMHMscdEbdD13rexEOY8iQdXhbiJUx0/GspZbu5txBtNKJChJc4c s5IaW+orEdjLCMXFY74prBbfLKESHpWMTydjU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:content-type; bh=3i9WC1f9YO/i47M5guj6XqTKKaOOt6hDezj+jzZr3jk=; b=ikwWXSc9ZYz9x+0hBY4aIO9jhDh2snetSLpkOmDj+UYlCRAKi/9FT+fM4aniP97XyB HPcWa6iHbCWUHYFlnsbXmkGLd+3kb/heTHpocB5K38lRGgdx+Z3sCTl+v4uAi+h/c1CM 3VCWnZEzOhgqADFBz7zbBPPeiDWxJTuwIwg7QzcXCZTCQRYFShz8xJh50PfTRKHG+cFf PzGWK2MEj6Mie302rUrzgOu0XOA/mQ1Ab4pmqA9TmpbkgDjIN3xXrsIJxtkz1S2o5iwS wE7RPyUy9+7hEQv2qQwoIMiRnJPQqMRzN/jbgRvgH3WjmUH/WB/UaKe33/mJ3wzcFvul 1Rpg== X-Gm-Message-State: ALoCoQl0py3TYUcGx1jsyHOPaH/VpuOQhtxfl4k3N9wLdE2G7Y2fity+aTS7E+g5CqfI8VGr/nIs MIME-Version: 1.0 X-Received: by 10.140.48.172 with SMTP id o41mr24437967qga.16.1390619385468; Fri, 24 Jan 2014 19:09:45 -0800 (PST) Received: by 10.96.182.98 with HTTP; Fri, 24 Jan 2014 19:09:45 -0800 (PST) In-Reply-To: References: <52E319F2.8080705@sugarcrm.com> Date: Sat, 25 Jan 2014 05:09:45 +0200 Message-ID: To: "internals@lists.php.net" Content-Type: text/plain; charset=UTF-8 Subject: Re: [PHP-DEV] Session IP address matching From: narf@devilix.net (Andrey Andreev) Ok, so there is a way to override a single method. Sorry about that ... I have my own reasons to still think about PHP 5.3 compatibility (which, granted - this feature couldn't solve). Still, that is not optimal. The desired effect is to call the session file something like: __ I can't think of a way of making that happen, so I guess a work-around would be to do: public function open($save_path, $session_id) { $save_path .= DIRECTORY_SEPARATOR.md5($_SERVER['REMOTE_ADDR']); if ( ! is_dir($save_path) && ! mkdir($save_path, 0600)) { return FALSE; } return parent::open($save_path, $session_id); } (because the manual says that directories must already be created) But it is not clear what happens with session.save_path afterwards ... is this the only place where it matters? Plus, I don't think this would be ideal for something like sessions in terms of performance (that's why I listed the directory-based approach last, in my first mail). What if I want to use session.auto_start? And really, do you consider this to be convenient compared to a single ini setting? On Sat, Jan 25, 2014 at 3:57 AM, Stas Malyshev wrote: > Hi! > > > I'm not aware of a way to override just read(). > > What would be the problem with it? You can override each method > independently. > > > But even even if I could, how would I avoid breaking the rest of the > > SessionHandler? The manual implies that read() is where (in userland PHP > > terms) fopen() + assign file handle + flock() would happen. > > Why would you break it? Just do something like: > > class SessionHandlerWithIPChecks extends SessionHandler { > > public function SessionHandler::read($session_id) > { > $data = parent::read($session_id); > if(!$this->doChecks($data)) { > return ""; > } > return $data; > } > } > > Then do: > > session_set_save_handler(new SessionHandlerWithIPChecks());