Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:73365 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 41828 invoked from network); 23 Mar 2014 18:21:44 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 23 Mar 2014 18:21:44 -0000 Authentication-Results: pb1.pair.com header.from=narf@devilix.net; sender-id=unknown Authentication-Results: pb1.pair.com smtp.mail=narf@devilix.net; spf=permerror; sender-id=unknown Received-SPF: error (pb1.pair.com: domain devilix.net from 209.85.213.47 cause and error) X-PHP-List-Original-Sender: narf@devilix.net X-Host-Fingerprint: 209.85.213.47 mail-yh0-f47.google.com Received: from [209.85.213.47] ([209.85.213.47:33777] helo=mail-yh0-f47.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 6C/21-32182-D162F235 for ; Sun, 23 Mar 2014 13:21:43 -0500 Received: by mail-yh0-f47.google.com with SMTP id 29so4363718yhl.34 for ; Sun, 23 Mar 2014 11:21:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=devilix.net; s=google; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=CTXdGZrTXGINA6Yq5dVLAuDpnSSFtzd0+tuzvCYNLhg=; b=rXzgyu2fP99X75yvjA9nEALM4fUCQ+GZBqOstc8UoMobh0vBHL9xs+BlyQ+iTqXVcM yuRgn3/BiU48kvSAQlNO997CnUAPxkLXbqoUMGiYZT0QwFSVGur7VJetLfqO79RKJWi3 lEyHqq6nCrsZdqJ7dhjjq1gppvsRdeGIutoMA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=CTXdGZrTXGINA6Yq5dVLAuDpnSSFtzd0+tuzvCYNLhg=; b=FQDLT26tO3BR8+JZgbcGo8mxQpva1XTdCoEbjrNDY/xpwyrRV2fNRCpky19EH8l+Yb ApCINSADhdwP0wwbCTA8kUI0FNR1rPt4yF2x475EOAzchWwSlyFqWPloCDIOU2VC9TH3 uDiVbiblRJZVA2Te3008YWBiLCvhr44rbqbfQ0/45FJP3BQ+XQDP1K90gQmjranw4HAa 7CZatqYiLv0peerFSrJcO6DX3/83+8eWumSQSnFiz3NCv7rT6aRppBk5LUIFo+++nk5C aoDrwOUUVVSlo4EmnDlYjhsU2yMyd24xfatRZeOvqPcXJ/yKbHUXmpM5N9YN2fxqvKbJ SZZQ== X-Gm-Message-State: ALoCoQnjALWEzjyjUrcdFrPsBfQNNYj8GnqSk1vvFdnZIYDpllLlXcb9DrIpp5FX9oFsBUQKjLQA MIME-Version: 1.0 X-Received: by 10.236.231.101 with SMTP id k95mr59299728yhq.34.1395598874636; Sun, 23 Mar 2014 11:21:14 -0700 (PDT) Received: by 10.170.188.139 with HTTP; Sun, 23 Mar 2014 11:21:14 -0700 (PDT) In-Reply-To: <002f01cf4669$6e3b1570$4ab14050$@devtemple.com> References: <002f01cf4669$6e3b1570$4ab14050$@devtemple.com> Date: Sun, 23 Mar 2014 20:21:14 +0200 Message-ID: To: Bill Salak Cc: Yasuo Ohgaki , internals Content-Type: text/plain; charset=UTF-8 Subject: Re: session_start read_only From: narf@devilix.net (Andrey Andreev) Hello, On Sun, Mar 23, 2014 at 9:28 AM, Bill Salak wrote: > // $_SESSION['logged_in'] has been set in a previous request > Request 1: session_start(['read_only' => TRUE]); > Request 2: session_start(); unset($_SESSION['logged_in']); session_write_close(); > Request 1: if ($_SESSION['logged_in']) { /* logic */ } // evaluates to TRUE > > works the same way today that you describe as a problem, if I'm not mistaken. > > - Request 1 locks the session and Request 2 waits. > - Request 1 finishes and unlocks the session. > - Request 2 can now get on with its work. My example shows that Request 1 completes after Request 2, and that's not the same thing. There were already multiple comments on that example and it turned out not to be as clear as I thought. I'm working on an updated version of the RFC, which would also provide a better example. > I initially suggested this "read_only" feature to Yasuo (as he has implemented it today) in order to solve this blocking wait time problem. The use case I wanted a solution > for is common in the applications I design/work-on/see today which is modular AJAXy/independent access to PHP sessions, i.e. "is this user logged in and allowed to call this thing?" > In these use cases I often know I just need to read the session data and will not write to it therefore I just want the lightest, quickest read-and-release-session process possible for > near-concurrent access to reading the session. Actually writing+reading to a session (or any datastore for that matter) becomes a synchronicity issue which is fundamentally at odds > with a codebase designed around asynchronous access to state and needs to be solved for by the application architecture/design in those situations that need to have that sort of > protection. In other words, I believe the example problem use case you've posed is an application design problem not a language level issue IMO. It is a design problem, but the 'read_only' name is highly misleading (especially for an option to session_start()), which is a language (design) level issue. It's a nice feature, but should be accessible through better API. > On a related note, your suggestion of a "true read only" implementation would presumably either throw an error on attempt to write to a session that was locked as "read only" or > would act as sessions act today, which is to say, wait for the session to unlock before writing to it. My gut reaction is that neither of these are better than what we have today but > the conversation is young and I'm interested to hear more. That's a description of what the "read-only" term means, and hence - why naming the current feature "read_only" is misleading. Whether "true read only" is implemented or not is not what I'm interested in right now, I'm not pushing for it. > One last point, the ability to "configure" a session through an array of options is very useful from an end-user code design point-of-view. Moving the ability to start a session as read > only to a separate function call than I would use to start a session otherwise forces choices in code design that can otherwise be much more elegantly handled through the use > of a single function with a configuration parameter. I love the ability to pass options to session_start(). :) What I don't like is that session_start($options) could mean that the session is closed immediately, it's counter-intuitive. Cheers, Andrey.