Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:90924 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 63754 invoked from network); 25 Jan 2016 21:02:14 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 25 Jan 2016 21:02:14 -0000 Authentication-Results: pb1.pair.com header.from=yohgaki@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=yohgaki@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.160.171 as permitted sender) X-PHP-List-Original-Sender: yohgaki@gmail.com X-Host-Fingerprint: 209.85.160.171 mail-yk0-f171.google.com Received: from [209.85.160.171] ([209.85.160.171:34802] helo=mail-yk0-f171.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 63/D3-29383-25D86A65 for ; Mon, 25 Jan 2016 16:02:10 -0500 Received: by mail-yk0-f171.google.com with SMTP id a85so176485955ykb.1 for ; Mon, 25 Jan 2016 13:02:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=EgrZw+WM5gAfiG6Iv/1R2cjJVZTBwGZ+73/eBpGbDXI=; b=yGQidw0xEELLKIILJ+8A25tp2xVcTQVT5jyYdhHuJzov8iJ27uP8MpizvAd4CfPctN Vkn5d2kj3GQbUxUkr3N9VI4synLUYs8IT51rtQXIM39mXmVC8jw8mtQFDMYcHMlqFNq8 Hf44QNBtw9e9BUrk/fSmgidqW/SNPRVnd+WvvUjQuQGlUQbsy/xS+IlmGaM2uJd/skvm tcg91F4c+jiOxbhQwz3CL4uiqoHGETbkUt0C28YRWJE9GjE5SH8hbk9ACRc6sFa8cuC+ aNeDlmpmT4rR8jFxyJjfsiIn+d7Bq8aPlQ+RihDzHAOKGmjJPSc0Gxrlor/j1DR/Z3VL XB7Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc:content-type; bh=EgrZw+WM5gAfiG6Iv/1R2cjJVZTBwGZ+73/eBpGbDXI=; b=cptv5ZZw/m1PuRVP9/hscfvEhBDURW2LsC8B8jN2XHj9wSeobclpXdbGJJtiMDP6XY 92YktdRxiAl94m8rw/h3fqAQjhssePje1jcsyd9Zt2IwGmUbn5uwSoNXwbznfICJBFvg +6YT2FppmSm0VNhSsfTLB8V4s2HhIJxp8D00vW77KDqMznUud4eMMwP0hWeQFrObBsX4 9IOx+thLTRy+hSJUGDhVJbTgN8q0bN1BPg2wtlOm6vCgYNH2an/iXWwmalLSJjsUH9ry kNjqJR8A8XUOGzZdt+rmoqGIAYYbouiGtdAi+NhOJfBbvaLHOYtRZWfkERol/kHbWChE ChVg== X-Gm-Message-State: AG10YOREavOp6KSs/9t5C86pb/FPFyaVxaKK9nA3XQWXwdeHdGBoaWVG9tcQ4lCXLSIYRgNzwkGJ/kW6nEkV2Q== X-Received: by 10.129.60.12 with SMTP id j12mr10886815ywa.86.1453755726608; Mon, 25 Jan 2016 13:02:06 -0800 (PST) MIME-Version: 1.0 Sender: yohgaki@gmail.com Received: by 10.129.88.139 with HTTP; Mon, 25 Jan 2016 13:01:27 -0800 (PST) In-Reply-To: <56A1054A.5080102@fedoraproject.org> References: <03a501d15439$fcbf9ca0$f63ed5e0$@php.net> <56A1054A.5080102@fedoraproject.org> Date: Tue, 26 Jan 2016 06:01:27 +0900 X-Google-Sender-Auth: A4jbzyZTQxjohfN8nEmRtDis87M Message-ID: To: Remi Collet , julien pauli , Ferenc Kovacs Cc: "internals@lists.php.net" Content-Type: text/plain; charset=UTF-8 Subject: Re: [PHP-DEV] PHP 7.0.3 RC1 is available for testing - **** BC break *** From: yohgaki@ohgaki.net (Yasuo Ohgaki) Hi Remi and all, On Fri, Jan 22, 2016 at 1:20 AM, Remi Collet wrote: > Fedora detected a BC break in 5.6.18RC1 and 7.0.3RC1 related to > session management. > > This update breaks: > > Horde_SessionHandler (2.2.6) and symfony (2.7.9) Thank you for notifying issue. Remi provided reproduceble phpt for this test failure and found out the cause of test failure. I really appreciate your help! Anyway, the cause was bug fix for "session_start() returns TRUE even when failures". Details for this specific case is following. Newer session cache limiter has php_session_abort() static int php_session_cache_limiter(TSRMLS_D) /* {{{ */ { php_session_cache_limiter_t *lim; if (PS(cache_limiter)[0] == '\0') return 0; if (PS(session_status) != php_session_active) return -1; if (SG(headers_sent)) { const char *output_start_filename = php_output_get_start_filename(TSRMLS_C); int output_start_lineno = php_output_get_start_lineno(TSRMLS_C); php_session_abort(TSRMLS_C); <<<<<<<<<< This is the cause if (output_start_filename) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot send session cache limiter - headers already sent (output started at %s:%d)", output_start_filename, output_start_lineno); } else { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot send session cache limiter - headers already sent"); } return -2; } This is added because when session cannot be started, then it should fail. This fix is related to https://bugs.php.net/bug.php?id=71243 The php_session_abort() is not directly related to this bug, but this (and other fixes) is added because session_start() returns TRUE even when it fails/ should fail. Note: PHP 5.6's session_start() return value fix is not perfect to keep save handler compatibility which is a big one. PHP7 should return FALSE for session_start() failures always by the fix. Fixing the broken test should be just removing the php_session_abort() from php_session_cache_limiter(). The reason why it aborts is because it does not make sense to create and/or write session data even when client does not get the session ID. Note: session ID cookie is sent only when it is needed. i.e. New session. I think it does not matter much for session module & users if we remove the php_session_abort() or not. PHP 5.6's session_start() returns TRUE for session read error which is fatal, anyway. Being strict for this case does not worth much. Whichever is perfectly OK to me for PHP 5.6. For PHP 7.0, I would like to keep stricter behavior, but do not care much. How we handle this is up to release managers, since this fix is valid one even if it broke test on failure case. Regards, -- Yasuo Ohgaki yohgaki@ohgaki.net