Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:73106 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 33643 invoked from network); 13 Mar 2014 10:36:39 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 13 Mar 2014 10:36:39 -0000 Authentication-Results: pb1.pair.com header.from=narf@devilix.net; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=narf@devilix.net; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain devilix.net designates 209.85.160.178 as permitted sender) X-PHP-List-Original-Sender: narf@devilix.net X-Host-Fingerprint: 209.85.160.178 mail-yk0-f178.google.com Received: from [209.85.160.178] ([209.85.160.178:34165] helo=mail-yk0-f178.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 86/A3-12560-53A81235 for ; Thu, 13 Mar 2014 05:36:38 -0500 Received: by mail-yk0-f178.google.com with SMTP id 79so2165398ykr.9 for ; Thu, 13 Mar 2014 03:36:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=devilix.net; s=google; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=qW67Av0tvvp/XCovpnG0OmeUPw2Qb5Bb1izOz6MLlRw=; b=OeHL9ec2ANj9gIhKZuOSLV7nu1nyM5uNfts9BBH1zn7LP8axBGFa43zTu/IXJlrW8v M/dwECAY3NKRiksKdgLwAvreYsGLO4q5EcyaLhIx6uJOQynBpUlGL3e99xlgKC1Jabrn 3uBohseviHIBhlPD1LE6LjMbQP/osq5KSlWKQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=qW67Av0tvvp/XCovpnG0OmeUPw2Qb5Bb1izOz6MLlRw=; b=bvbkuvxTXXoE3MzCkHLT796x9cYjitHI9j5CW9CbEuFkRSR70f0p3hu36o7oNOj92W lJRIgOENE0ScSX/egckGZqJTPZBtRCbZonUSii+H6Bqcxus6713xgn3zdLjJViAaVYEH 7MUqe5X0mk/LbQb/YMt9+6i2m14Ui1/RacxUE1dqyDDrDNkkPPePW2lct2rBIRIFn+PL 4L20H14UduLMSvRqs+AGn3Td6ThktR7GJdshYaV+gI7q4+9acILNmNWpq2aqIBE6WxKc wJQk0vbm1j3J3czVbJf6Jlucnt5mMsN8hwuaBQrUd7UMm/AR21mHk6Q3DmBzPlyPm9w2 OnkA== X-Gm-Message-State: ALoCoQkMHV20LoOb5q970giESmvTkWVLuFzmkFJXrjLHhN/H9V0GHyP65QkxLb5+YcZxH6gnCln7 MIME-Version: 1.0 X-Received: by 10.236.184.136 with SMTP id s8mr728177yhm.132.1394706995442; Thu, 13 Mar 2014 03:36:35 -0700 (PDT) Received: by 10.170.188.139 with HTTP; Thu, 13 Mar 2014 03:36:35 -0700 (PDT) In-Reply-To: References: Date: Thu, 13 Mar 2014 12:36:35 +0200 Message-ID: To: Pierre Joye Cc: Yasuo Ohgaki , Patrick Schaaf , internals Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Subject: Re: [PHP-DEV] Re: Revert session_serializer_name(), session_gc() From: narf@devilix.net (Andrey Andreev) Hi, > The _proper_ solution, would be to keep a timestamp stored with each sess= ion. kind of a last-modified timestamp. (expiry does work off last modifica= tion, right?). Anyhow, the trick is to check at session_start whether that = timestamp plus whatever session.expire is set at, already is in the past - = and when that happens, destroy the one session on storage and act as if it = hadn't been found. Such a timestamp already exists, you can't implement sessions without one because there would be no way to know when a session have expired. For the files handler, it's filemtime() (afaik) and the behavior that you described is probably already in use (I see no reason not to). However, that's not in the scope of GC. > a GC is only needed to clean up sessions that are never requested again -= and for that I fully agree that a separate - e.g. cron driven - "GC now" j= ob would be best (not affecting latency of running frontent requests too mu= ch). ^ That is what a garbage collector is, indeed. :) On Thu, Mar 13, 2014 at 11:22 AM, Pierre Joye wrote: > On Thu, Mar 13, 2014 at 8:45 AM, Yasuo Ohgaki wrote: > >> It may be good idea to write a new save handler interface while keeping >> older one. > > > It would really helpful to target a later versions, maybe 6 and see > what we can do while minimizing the impact in userlands (whether or > not custom session handlers are implemented). > > But all the discussions and RFCs about basically the same needs have > been very confusing. > > What do you think? Is it something you could consider? I am deffinately a proponent of that. I already mentioned earlier that I have some ideas ... this is one of them. However, while Yasuo seems to always be keen on creating RFCs immediately, I'd rather focus on the existing ones that are session related: https://wiki.php.net/rfc/secure-session-options-by-default https://wiki.php.net/rfc/session_regenerate_id 5.6 is really close and this is important stuff that was supposed to go in, but has not had updates recently and lagged behind. Changes for future versions can wait a few days/weeks ... Cheers, Andrey.