Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:73099
Return-Path: <yohgaki@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 15622 invoked from network); 13 Mar 2014 07:46:03 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 13 Mar 2014 07:46:03 -0000
Authentication-Results: pb1.pair.com smtp.mail=yohgaki@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=yohgaki@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.215.45 as permitted sender)
X-PHP-List-Original-Sender: yohgaki@gmail.com
X-Host-Fingerprint: 209.85.215.45 mail-la0-f45.google.com  
Received: from [209.85.215.45] ([209.85.215.45:34177] helo=mail-la0-f45.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id A8/60-12560-93261235 for <internals@lists.php.net>; Thu, 13 Mar 2014 02:46:02 -0500
Received: by mail-la0-f45.google.com with SMTP id hr17so408512lab.32
        for <internals@lists.php.net>; Thu, 13 Mar 2014 00:45:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc:content-type;
        bh=NAG2kXanMom/Nrj/wVsF/IFk8locw+o9dT3bXkuV97I=;
        b=0NtgCmHzLnZWoT3TLa95UrrMLOxKsbIHESa+4jVJIgMKO7w6JEPKhmU3Eob4y57qvE
         shnrnhI4G2XB5zOHWQ7DeDSv4cu6D4iVjLFYgKtf39+VV3ZGWnDP+Ez6W3v6FDUHLuFw
         /Xnx8YucgXf/ntAf2XqX5AyIcKnDOzge5+Aubabnw68b+931R8rFIm2yvgitWImZOUG7
         /9TJn+pVP3LB3tKeEQB0JCfBNg0G6guck525St/tCchZ8JcAxUPaRFX6cwrvdmN0o58f
         96Y5lPL/taX8r/VvkNdIHdTrPJmjpMf7QfMNzODMvVvi1I1jlFflODk9CsBlXb1DbkqL
         gPiQ==
X-Received: by 10.152.87.71 with SMTP id v7mr239739laz.10.1394696757728; Thu,
 13 Mar 2014 00:45:57 -0700 (PDT)
MIME-Version: 1.0
Sender: yohgaki@gmail.com
Received: by 10.112.205.73 with HTTP; Thu, 13 Mar 2014 00:45:17 -0700 (PDT)
In-Reply-To: <CAJ26g5TfiwjECNH_GbU6OCwCJdCCRJxKLUBL6wtw89XNo8P2eg@mail.gmail.com>
References: <CAPhkiZx=0Vr5p=7VZJD4PeD0ub-khSVMw3G03QhO8CC4xxm11A@mail.gmail.com>
 <CAGa2bXZTU5HzM4oXyiu0PnS=W2Oz1uLP_BnyWBUXyYUTO0tMYg@mail.gmail.com>
 <CAPhkiZz_d_wFPgwwYXJD-A+tz0Uf9KQ6uXNi1HhZGWFF1=W91A@mail.gmail.com>
 <CAGa2bXY86ri7b=rquo8Vbbh5ZoHOkwGBRoPWPup-SVPMu0WEgg@mail.gmail.com>
 <CAPhkiZyEqcx+UTPzpyYjz9pxWJnCNDO9pUMQNxvTpnrxmez9nw@mail.gmail.com>
 <CAGa2bXb5rLU26NDDHkWDw-FYf=vh2J=LAGFrqU3A3JJpOTY_dA@mail.gmail.com>
 <CAPhkiZyyXuqqybs+q8rnp_eJZDU0De2wMqwfv5mWiihr9GsueQ@mail.gmail.com>
 <CAGa2bXboo3CGOP9x+fW0Q98aniBcXejkGSJv5=qygL9ia67FbA@mail.gmail.com>
 <CAPhkiZzaTCE6sR=Rt=4VBmVOCo+uSQMREpf-fg6hWBrbCW+RXQ@mail.gmail.com>
 <CAGa2bXYWVoX_05BdS0M-V5G+B=4v-W-DPbWT8-vPrtd=gJtcCg@mail.gmail.com> <CAJ26g5TfiwjECNH_GbU6OCwCJdCCRJxKLUBL6wtw89XNo8P2eg@mail.gmail.com>
Date: Thu, 13 Mar 2014 16:45:17 +0900
X-Google-Sender-Auth: 6TUfeqOOWGgrubSy5lfPe-6grHA
Message-ID: <CAGa2bXbeucsEK2X1_wvtY_zMXs6guQAWxEMFhpjhyyOopq3sog@mail.gmail.com>
To: Patrick Schaaf <bof@bof.de>
Cc: internals <internals@lists.php.net>, Andrey Andreev <narf@devilix.net>
Content-Type: multipart/alternative; boundary=001a11c355b2d05a1c04f47824ed
Subject: Re: [PHP-DEV] Re: Revert session_serializer_name(), session_gc()
From: yohgaki@ohgaki.net (Yasuo Ohgaki)

--001a11c355b2d05a1c04f47824ed
Content-Type: text/plain; charset=UTF-8

Hi Patrick,

On Thu, Mar 13, 2014 at 4:15 PM, Patrick Schaaf <bof@bof.de> wrote:

> >
> > Save handler may keep & check last GC time. If it's over session.expire,
> > perform GC.
>
> That would have a "scoping" problem: session.expire, at least in theory,
> can be different for different scripts / usages of session in the same
> application, but such a global last-GC timestamp would be... global.
>
> Also generally GC is a costly global operation, slowing down the request
> that hits it (probably that's why you envision a cronjob right?)
>
Yes. This is issue for save handlers that should perform costly GC.

> > Issue is that "session data that should be deleted" is not deleted and
> > could be alive long term due to current design. Current design is good
>
> The _proper_ solution, would be to keep a timestamp stored with each
> session. kind of a last-modified timestamp. (expiry does work off last
> modification, right?). Anyhow, the trick is to check at session_start
> whether that timestamp plus whatever session.expire is set at, already is
> in the past - and when that happens, destroy the one session on storage and
> act as if it hadn't been found.
>
> This way there is no longer any correctness problem, and a GC is only
> needed to clean up sessions that are never requested again - and for that I
> fully agree that a separate - e.g. cron driven - "GC now" job would be best
> (not affecting latency of running frontent requests too much).
>
> Of course, going to such a solution, requires a change to all session
> implementations in that they must provide for storage and return of such a
> last-modified timestamp (or othewise the improvement cannot be realized for
> a non-updated-to-the-new-scheme session handler)
>
I agree. It's proper and feasible solution. I've sent issues about
session_regenerate_id() in other thread. It could be solved by time stamp
stored as session data also. Storing time stamp out side of $_SESSION data
would be cleanest solution, but it requires new interface.

It may be good idea to write a new save handler interface while keeping
older one.

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net

--001a11c355b2d05a1c04f47824ed--