Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:85263
Return-Path: <cmbecker69@gmx.de>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 12099 invoked from network); 20 Mar 2015 02:53:38 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 20 Mar 2015 02:53:38 -0000
Authentication-Results: pb1.pair.com header.from=cmbecker69@gmx.de; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=cmbecker69@gmx.de; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmx.de designates 212.227.17.21 as permitted sender)
X-PHP-List-Original-Sender: cmbecker69@gmx.de
X-Host-Fingerprint: 212.227.17.21 mout.gmx.net  
Received: from [212.227.17.21] ([212.227.17.21:49396] helo=mout.gmx.net)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 74/B6-25408-0BB8B055 for <internals@lists.php.net>; Thu, 19 Mar 2015 21:53:37 -0500
Received: from [192.168.0.101] ([91.67.244.80]) by mail.gmx.com (mrgmx103)
 with ESMTPSA (Nemesis) id 0LvlWS-1ZbfFY1vbg-017XJS; Fri, 20 Mar 2015 03:53:32
 +0100
Message-ID: <550B8BB4.3040007@gmx.de>
Date: Fri, 20 Mar 2015 03:53:40 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0
MIME-Version: 1.0
To: Yasuo Ohgaki <yohgaki@ohgaki.net>, 
 "internals@lists.php.net" <internals@lists.php.net>
References: <CAGa2bXb2qm3Y0S_dVDe+Orh6kbuuQOOgLNc_VwycZCCiSxPZ2w@mail.gmail.com> <CAGa2bXa1Z0_9eMhYY7nmCWM1+DDAMOtQZrtPpsK3vVz_wuJ9Yw@mail.gmail.com>
In-Reply-To: <CAGa2bXa1Z0_9eMhYY7nmCWM1+DDAMOtQZrtPpsK3vVz_wuJ9Yw@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Provags-ID:  V03:K0:AucAeEhycw55+5SbVwtj7bidWJWTBVHQfG+rFiaxwFAv7RR07Bb
 a2FTk4Tg8xvNSI2TPwA8X3QEcC/i+cVNVGzoSsWx+JH1DvxRI6rA+CbJlf36034s9Oi94zM
 kLGFFEhQIil/HXEGW5JotXaxZ4cgSA9gLqE677sehd7Zi6Qm5ab9jy0ZhJaorEIzhQdlGnX
 Ph02IK7O2Fs0K0/W1iNGw==
X-UI-Out-Filterresults: notjunk:1;
Subject: Re: Bug #69127 session_regenerate_id(true) randomly generates awarning
 and loses session data
From: cmbecker69@gmx.de (Christoph Becker)

Yasuo Ohgaki wrote:

> On Sun, Mar 1, 2015 at 1:53 PM, Yasuo Ohgaki <yohgaki@ohgaki.net> wrote:
> 
>> There are too many things that I would like to improve ;)
>>
>> https://bugs.php.net/bug.php?id=69127
>>
>> This bug is known fatal bug for session module. I proposed "lazy_destroy"
>> to fix
>> this before, but it declined.
>>
>> I think the name was wrong. With the proposal, session module destories
>> session data with lazy manner, but it's actually precise manner. i.e.
>> Session
>> module and browser is _not_ synced, so destroy must be done async manner
>> (~= lazy manner. For example, delete session data 60 seconds later).
>>
>> The reason why session_regenerate_id(true) fails is it deletes session
>> data
>> immediately even if session and browser is not in sync. Session and
>> browser
>> cannot sync because there is no means in HTTP/Cookie.
>>
>> Is there any other better idea for this?
> 
> I've updated old RFC for this bug fix.
> 
> https://wiki.php.net/rfc/session_regenerate_id
> 
> I would like to start discussion shortly. If anyone would like to comment
> now,
> I appreciate it.

The RFC mentions PHP 7.0 as proposed PHP version.  Have you considered
the "PHP 7.0 timeline" RFC[1]?  As I understand it, any RFC put up to
vote after 2015-03-15 cannot target PHP 7.0.

Then again, if this will be considered a bug fix, an RFC would not be
necessary at all (if I'm not mistaken).

[1] <https://wiki.php.net/rfc/php7timeline>

-- 
Christoph M. Becker