Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:73152
Return-Path: <narf@devilix.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 55083 invoked from network); 14 Mar 2014 10:07:08 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 14 Mar 2014 10:07:08 -0000
Authentication-Results: pb1.pair.com smtp.mail=narf@devilix.net; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=narf@devilix.net; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain devilix.net designates 209.85.213.54 as permitted sender)
X-PHP-List-Original-Sender: narf@devilix.net
X-Host-Fingerprint: 209.85.213.54 mail-yh0-f54.google.com  
Received: from [209.85.213.54] ([209.85.213.54:44302] helo=mail-yh0-f54.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id BB/33-47923-CC4D2235 for <internals@lists.php.net>; Fri, 14 Mar 2014 05:07:08 -0500
Received: by mail-yh0-f54.google.com with SMTP id f73so2250854yha.41
        for <internals@lists.php.net>; Fri, 14 Mar 2014 03:07:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=devilix.net; s=google;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=GOXRJOH+4C4nDsDlt/UyxxMc+/cZpeQTGFKvWJyjrwM=;
        b=Tv2vJIOcBr6jvJqBvDiO/SEuAng7bAxMavlwqBJoorRjJuiVasiSSQJ7llFKHDyAEz
         TMc3DmyN34EvdKQiz0JgE+QzWoJVUf0kZIBbDvrf94gLaipe7ZNZ4DO4ya/cqPEvRJzK
         ZV7IpcnrDPjoaPgaI/s1ju10UH43hJ6brY/4k=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:in-reply-to:references:date
         :message-id:subject:from:to:cc:content-type;
        bh=GOXRJOH+4C4nDsDlt/UyxxMc+/cZpeQTGFKvWJyjrwM=;
        b=AO44cblvSTIENVFmW05RwMXahPQ+8XWR52/1WQQMEoPX73N66IBZWom5mNi2i1iW69
         nogt15uBmlM/x7i1iJ+KsAUHhT+dj1oflydmHt3L+fxHIq24Tc2ET1OBWG1vP78YSKRM
         ZGW+I56yRV69OS/Ji/ydnvCQSpZSXE2vQDY1eSEsTlfBGVIRunLq1PyqkAO4MeZ4lhrd
         IsiNm2+ULrIR4DbiUOOVm8WytAtXuA8H1qZWiwrAYudyocigrowpAC3g13yh40KF268z
         fxbBuSXNuOoh0Zw8wLsyhK9Y5xGkX+6RH+kjzZJH1ICGMMZl//uvAbuMZmBeMFXQkAth
         uInA==
X-Gm-Message-State: ALoCoQn3RI2mqOZsLruO9beWuL5Agdooq9mwS943KS0nqBBq9adSD3/zPk5Xx4RM7FNBEIMiUWvk
MIME-Version: 1.0
X-Received: by 10.236.122.99 with SMTP id s63mr9442962yhh.19.1394791625249;
 Fri, 14 Mar 2014 03:07:05 -0700 (PDT)
Received: by 10.170.188.139 with HTTP; Fri, 14 Mar 2014 03:07:05 -0700 (PDT)
In-Reply-To: <CAGa2bXZ458+diX3FFh3tw_W28y9MZpipmWrPfQ8obo-Z3n9S8w@mail.gmail.com>
References: <CAPhkiZx=0Vr5p=7VZJD4PeD0ub-khSVMw3G03QhO8CC4xxm11A@mail.gmail.com>
	<CAGa2bXZTU5HzM4oXyiu0PnS=W2Oz1uLP_BnyWBUXyYUTO0tMYg@mail.gmail.com>
	<CAPhkiZz_d_wFPgwwYXJD-A+tz0Uf9KQ6uXNi1HhZGWFF1=W91A@mail.gmail.com>
	<CAGa2bXY86ri7b=rquo8Vbbh5ZoHOkwGBRoPWPup-SVPMu0WEgg@mail.gmail.com>
	<CAPhkiZyEqcx+UTPzpyYjz9pxWJnCNDO9pUMQNxvTpnrxmez9nw@mail.gmail.com>
	<CAGa2bXb5rLU26NDDHkWDw-FYf=vh2J=LAGFrqU3A3JJpOTY_dA@mail.gmail.com>
	<CAPhkiZyyXuqqybs+q8rnp_eJZDU0De2wMqwfv5mWiihr9GsueQ@mail.gmail.com>
	<CAGa2bXboo3CGOP9x+fW0Q98aniBcXejkGSJv5=qygL9ia67FbA@mail.gmail.com>
	<CAPhkiZzaTCE6sR=Rt=4VBmVOCo+uSQMREpf-fg6hWBrbCW+RXQ@mail.gmail.com>
	<CAGa2bXYWVoX_05BdS0M-V5G+B=4v-W-DPbWT8-vPrtd=gJtcCg@mail.gmail.com>
	<CAJ26g5TfiwjECNH_GbU6OCwCJdCCRJxKLUBL6wtw89XNo8P2eg@mail.gmail.com>
	<CAGa2bXbeucsEK2X1_wvtY_zMXs6guQAWxEMFhpjhyyOopq3sog@mail.gmail.com>
	<CAEZPtU6J01hP2+xjRUhTY9+rq9dTZyPOv9Mes_Xt0jiogsCE9w@mail.gmail.com>
	<CAPhkiZx3iUo=4cJYkB7KPcD8TMs79kvLBrnBdGUZ4YqTq-+h-Q@mail.gmail.com>
	<CAPhkiZx_ztbVXFm10_4MSQyqkBDYVqBiCmNBdF4k7N9fev5uLQ@mail.gmail.com>
	<CAGa2bXafxzFTMRfn16JNDgWm2tPQeuYE8cdqg9BbRsKSy3S1QA@mail.gmail.com>
	<CAPhkiZxO44Cj7h_NP-5_ZtixLuFoWJrtdPsRabJHP5yTOrCf5g@mail.gmail.com>
	<CAGa2bXbtMQ2cQoe-X1S=Ab05iS7yph9x6Kw5DjfsHdrNEjGF4w@mail.gmail.com>
	<CAPhkiZxdUFjWrRm7SAtagLmtZXPDbsXp9Cv13u2ChKLsuuxtgA@mail.gmail.com>
	<CAGa2bXZ458+diX3FFh3tw_W28y9MZpipmWrPfQ8obo-Z3n9S8w@mail.gmail.com>
Date: Fri, 14 Mar 2014 12:07:05 +0200
Message-ID: <CAPhkiZz8aH0H9-rJQxkQAzC_LgAPgy4c75uS74xiDZ_30H7DAA@mail.gmail.com>
To: Yasuo Ohgaki <yohgaki@ohgaki.net>
Cc: Pierre Joye <pierre.php@gmail.com>, Patrick Schaaf <bof@bof.de>, 
	internals <internals@lists.php.net>
Content-Type: text/plain; charset=UTF-8
Subject: Re: [PHP-DEV] Re: Revert session_serializer_name(), session_gc()
From: narf@devilix.net (Andrey Andreev)

Hi Yasuo,

On Fri, Mar 14, 2014 at 3:30 AM, Yasuo Ohgaki <yohgaki@ohgaki.net> wrote:
> Hi Andrey,
>
> On Fri, Mar 14, 2014 at 8:16 AM, Andrey Andreev <narf@devilix.net> wrote:
>>
>> > I think shared lock is useful. It requires additional work to change
>> > save
>> > handler interface and save handler code. It's a distinct feature from
>> > read_only. You can get status via session_status() if you need to know
>> > during execution. i.e. If session is started with read_only, you'll get
>> > PHP_SESSION_NONE status.
>>
>> This is a bug.
>> A read-only session is not a non-existing session.
>
>
> This is not a bug.
>
> session_start(['read_only'=>true])
>
> is the same as
>
> session_start();
> session_commit();
>
> It's much faster because no additional API call nor write to session
> storage.

This is broken, consider the following (multiple tab/ajax/whatever
concurrency) scenario:

Request1: session_start(['read_only' => TRUE]);
Request2: session_start(); unset($_SESSION['logged_in']); session_commit();
Request1: still logged in

^ This screams "danger".

It's also, redundant ... do you really believe you'd get +1 votes for
that feature if the voters were *really* aware that this would be just
an alias for (sesson_start() && session_commit()) ?
I don't think so. This is simply not what "read only" means which
makes this whole thing very misleading and if people who were supposed
to review the feature got confused by it, imagine what happens in
userland.

Cheers,
Andrey.