Newsgroups: php.internals
From: bof@bof.de (Patrick Schaaf)
Date: Fri, 14 Mar 2014 11:30:14 +0100
Subject: Re: [PHP-DEV] Re: Revert session_serializer_name(), session_gc()
To: Andrey Andreev
Cc: internals, Pierre Joye, Yasuo Ohgaki

On 14.03.2014 11:07, "Andrey Andreev" wrote:
>
> This is broken, consider the following (multiple tab/ajax/whatever
> concurrency) scenario:
>
> Request1: session_start(['read_only' => TRUE]);
> Request2: session_start(); unset($_SESSION['logged_in']); session_commit();
> Request1: still logged in
>
> ^ This screams "danger".

That is _not_ broken WRT sessions themselves, because the readonly session of request 1 will not be permitted to change session data (it is readonly) and as such the situation is the same as if request 1 completed before request 2 started.

It _is_ broken when the session lock is "misused" as a lock wrt. other, non-session data / database modifications / whatever else. In that case, using the readonly session feature or any other kind of different-lifetime session lock scheme is bad for the application - don't do that then.

best regards
  Patrick
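
The scenario from this exchange as a deterministic Python model, added here as an example; it is not part of the original message and not PHP's session code. `SessionStore`, `Session` and the `orders` list are hypothetical names, and the sample state is constructed.

```python
import copy

class SessionStore:
    """Toy model of a lock-protected session store (not PHP's implementation)."""
    def __init__(self, data):
        self.data, self.locked = dict(data), False

    def start(self, read_only=False):
        if self.locked:
            raise RuntimeError("blocked: another request holds the session lock")
        self.locked = not read_only          # read-only: snapshot, no lock kept
        return Session(self, copy.deepcopy(self.data), read_only)

class Session:
    def __init__(self, store, data, read_only):
        self.store, self.data, self.read_only = store, data, read_only

    def commit(self):
        if not self.read_only:               # a read-only copy is never written back
            self.store.data = dict(self.data)
            self.store.locked = False

def run_scenario():
    store = SessionStore({"logged_in": True})   # constructed sample state
    orders = []                                 # stands in for non-session data

    r1 = store.start(read_only=True)            # Request1 takes a snapshot
    r2 = store.start()                          # Request2 logs the user out
    del r2.data["logged_in"]
    r2.commit()

    r1.commit()                                 # stale copy is discarded
    session_consistent = "logged_in" not in store.data

    # Session lock used as a guard for other state: the stale snapshot
    # still says "logged in", so this write lands after the logout.
    if r1.data.get("logged_in"):
        orders.append("written after logout")

    # Same guard under a normal locked session: it sees the current state.
    r3 = store.start()
    if r3.data.get("logged_in"):
        orders.append("written under lock")
    r3.commit()
    return session_consistent, orders
```

The session data itself ends up as if Request1 had finished before Request2; only the write to `orders`, which relied on the snapshot as a guard, is affected.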