Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:91880
Return-Path: <smalyshev@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 37807 invoked from network); 23 Mar 2016 20:45:26 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 23 Mar 2016 20:45:26 -0000
Authentication-Results: pb1.pair.com smtp.mail=smalyshev@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=smalyshev@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.192.181 as permitted sender)
X-PHP-List-Original-Sender: smalyshev@gmail.com
X-Host-Fingerprint: 209.85.192.181 mail-pf0-f181.google.com  
Received: from [209.85.192.181] ([209.85.192.181:33322] helo=mail-pf0-f181.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 0B/00-36618-66003F65 for <internals@lists.php.net>; Wed, 23 Mar 2016 15:45:26 -0500
Received: by mail-pf0-f181.google.com with SMTP id 4so39409729pfd.0
        for <internals@lists.php.net>; Wed, 23 Mar 2016 13:45:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=subject:to:references:cc:from:message-id:date:user-agent
         :mime-version:in-reply-to:content-transfer-encoding;
        bh=vM4P5YWoedNb7nCoGzhcnyZ/sR2DmCi8AxHPlpB61aE=;
        b=LFnFBdWHGs2TE8tSpRB8UVafht6Zs/HzYVWxgVy2+GNx+n91F9080eIxLcVwNkJCJe
         XdV+/TFBr8fA51UI3EwX7aayWWDTg/ht4IF0pI9dWJRL3VeKh3MnDX2WuLLJ/3wMA5f7
         E5hhT+Wi7TRatcSXyRBI7NWgqCYVt6FR0a3IN7+DyKG9pKNDqoAaQj6RO7EYmQBiaA1C
         /4+N2JJsd7vwDobteshYqaV4DMJRX/iAfUEk0KevgTYeGm2Cuoe9HMSzHMiMzNqH3HnW
         iJClgp6PtC1MwBlI0Q/5C0aexzKgdKdKR1v+MlRg4oX7c18Ou0Orbtm+168vlE2g5Yf4
         JXsA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:subject:to:references:cc:from:message-id:date
         :user-agent:mime-version:in-reply-to:content-transfer-encoding;
        bh=vM4P5YWoedNb7nCoGzhcnyZ/sR2DmCi8AxHPlpB61aE=;
        b=ZRekCM+4HnlVjpRgqvQEsgUASqV6LGdQha0zcwHR1g49f7wb24H/9fZruyu2uxYcBH
         tnJhpW1T12o5tObFgMpX4c6XIEqXLG0Tjtk+rm3FvtWO0hAhhGpgNYmMMBSsWZR6MhGN
         l5lWmpVKVlNO/CNxOpuccyrrvfPB+0xs87JV7V0hrIIlOjQqbMq/3S6eP1yYGok+GtKH
         ZrVAK75mQU5wWqAuKzSaXmMmX9HT5hb+UdOu2vEQeBgpmwu47D3JDd4HSuPVfvaLQDXG
         kIRLXaOSw+udCCCL3hg1K/WnQHjCclLduMAwS2UN10pZ9bKCZA5gZMAErWI0Nk+xeKHM
         IXlA==
X-Gm-Message-State: AD7BkJLH8EbV5VWRxT9joBL4XDXxqUemXCAe6eJ/ES5/XQVxebkS9lKWeyIywPCMFtSf5w==
X-Received: by 10.98.70.197 with SMTP id o66mr7220873pfi.84.1458765922977;
        Wed, 23 Mar 2016 13:45:22 -0700 (PDT)
Received: from Stas-Air.local ([2602:304:cdc2:e5f0:9dd:99b7:ef4b:36ef])
        by smtp.gmail.com with ESMTPSA id ux2sm6144013pac.46.2016.03.23.13.45.20
        (version=TLSv1/SSLv3 cipher=OTHER);
        Wed, 23 Mar 2016 13:45:21 -0700 (PDT)
To: Yasuo Ohgaki <yohgaki@ohgaki.net>, Andrey Andreev <narf@devilix.net>
References: <CAGa2bXZqCd4g5BwzRxWsVw351G_o1+AkhGq3cdyKhUW39rm4Tg@mail.gmail.com>
 <56F1A28F.90000@pascal-martin.fr>
 <CAPhkiZyn1hh_kdR5sMCxHSw+=kabiPerNT8Y3o8-h6u9d45wNA@mail.gmail.com>
 <CAGa2bXaWFqM3n4swF8bpVNXo6vzCipSpJXgjBq2_xd1ou6TgMw@mail.gmail.com>
Cc: "internals@lists.php.net" <internals@lists.php.net>
Message-ID: <56F30047.3090707@gmail.com>
Date: Wed, 23 Mar 2016 13:44:55 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:38.0)
 Gecko/20100101 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <CAGa2bXaWFqM3n4swF8bpVNXo6vzCipSpJXgjBq2_xd1ou6TgMw@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] [RFC][VOTE] Precise session management
From: smalyshev@gmail.com (Stanislav Malyshev)

Hi!

> Offending features may be disabled/changed by INI settings. I think it ok
> to say pretty much no BC issue.

I think this approach will lead us into problems. "It may be disabled by
INI setting" does not mean the problem does not exist (and btw not
everything that changes can be disabled AFAIR). Most BC breaks have
workarounds, but they still are BC breaks. Moreover, some of the changes
are default changes, which means basically users will have to undo what
this RFC does - if we think they'd have to do it, why change it in the
first place?

I also feel that sheer size of this RFC, the fact that it tried to fix
many unrelated issues, and amount of changes it brings leads to the
situation where people don't really discuss it properly but instead rely
on claims in the RFC that everything is fine, because it is very hard to
properly consider changes of this size with this many moving parts. At
least the discussion on the list was rather scarce as far as I can see.

> The difference that user/3rd party save handlers will see is an additional
> array in session data. The additional array should not cause any problems
> with session save handlers.

The change is not limited to additional data. This additional data is
active - it controls how sessions are supposed to behave. All these need
to be updated when something happens, all these need to be checked,
validated and user for various logic on various stages of session
lifetime. So saying "it's just some additional data, nothing of it" is
not true - it's not just data. Maybe everything is still OK with the
session handlers - but this needs to be thoroughly verified, it does not
come for free.
-- 
Stas Malyshev
smalyshev@gmail.com