Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:92396 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 81168 invoked from network); 18 Apr 2016 07:40:50 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 18 Apr 2016 07:40:50 -0000 Authentication-Results: pb1.pair.com header.from=smalyshev@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=smalyshev@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.192.172 as permitted sender) X-PHP-List-Original-Sender: smalyshev@gmail.com X-Host-Fingerprint: 209.85.192.172 mail-pf0-f172.google.com Received: from [209.85.192.172] ([209.85.192.172:34722] helo=mail-pf0-f172.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 59/50-11975-28F84175 for ; Mon, 18 Apr 2016 03:40:50 -0400 Received: by mail-pf0-f172.google.com with SMTP id c20so78171904pfc.1 for ; Mon, 18 Apr 2016 00:40:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:cc:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding; bh=m7UfW6K5fRSwmc6nvvgfB6gIrUK3nsn9sQUZJXj1ZkU=; b=ZhBqD3DOPAi6rlMdx7YYQsH56ftXnVCeiKXWWq92mxgEoZ1vsVN95uv+7VqFTTiZvb z8egBJ2RKCmCnsIh0Fq+pjd2/JYs4isqymImq1rNthqKQCGrWwQjetfiyJHszezmR8W6 eG+SumBWUHLhItrCC3ILk4IyRByRyirSS5McroiYpM7qqX8GN7Erm3O2TnFGi6og9ph5 kq0NsCynZ77t4ES90pbthAS3uFdu/YrVo1wfdPzIE1PgDAtHQ9YsWcyzkv0f/NmScD52 T4XrV4iX50OTJn5DJHz5Oenc7LwOJHbE2TTTiD1UnHkAW6J+sABgfBLDbmeFr/U/fZYt lGPg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:cc:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=m7UfW6K5fRSwmc6nvvgfB6gIrUK3nsn9sQUZJXj1ZkU=; b=Cvlw4if4eDNPjwU1g1+rS8+ltugV5oQMhYX2WHsxUD08FQ2skhV4AovPtee/SoK2lZ 9RMm0qooAyxcDR1drnw/d1+6ysc87QTHm3qzWzmkNaNP+6aZ6RmmHaz+a8PmneXhmdsU 6sKIl0h7fycz9eSf5XWLJeI1iY3ajRgSkuN4Y/CugbG8V1/e8R+rXQqKTQk3jGRwwzPl UCZ+ojsO+fvn4QDccUDizcUgzAp5SEE4MvMot91A4AiIVEztXdVjdCqdIfgBl5m6Fmtj +I4LkkBZcivjhwDBeDBHcH+BO2ZiWtfQDVA+eftBSPny7SuHJ2iD2foMXjmKyTWYoFNJ uipg== X-Gm-Message-State: AOPr4FW/NMAwen4SHl9ivfU3lFmG28MISrfVeQ+rmizIeET6nzYhEQdplLnn30ljIIy3wQ== X-Received: by 10.98.8.91 with SMTP id c88mr47809188pfd.47.1460965247372; Mon, 18 Apr 2016 00:40:47 -0700 (PDT) Received: from Stas-Air.local (76-220-46-95.lightspeed.sntcca.sbcglobal.net. [76.220.46.95]) by smtp.gmail.com with ESMTPSA id y7sm81282741pfa.82.2016.04.18.00.40.44 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 18 Apr 2016 00:40:45 -0700 (PDT) To: Yasuo Ohgaki References: <570D2F74.7060702@gmail.com> <57115F42.2030502@gmail.com> Cc: "internals@lists.php.net" Message-ID: <57148F7C.1070104@gmail.com> Date: Mon, 18 Apr 2016 00:40:44 -0700 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:38.0) Gecko/20100101 Thunderbird/38.7.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Subject: Re: [PHP-DEV] [RFC][Discussion] Add session_gc() From: smalyshev@gmail.com (Stanislav Malyshev) Hi! > Probability based GC is unreliable and can reactivate very old sessions > without "Precise session management RFC" and you opposed the RFC. You know why I opposed the RFC - because it had huge number of things packed together, some of which I agree with, some of which I disagree and some of which I agree in principle, but would like to do in other ways. I thought that the RFC would be much better to split up, and was arguing so, but you decided it is better to proceed with everything as one package, which is your right as RFC author, but it failed. So now it is time to consider it piece by piece. I think session_gc() would be a good addition, but I oppose the idea that it should be the *only* method of GC. Many sites would have hard time working with this method, either because of not having cron access or not being able to configure it correctly, and would just resort to implementing probabilistic GC anyway, introducing myriad of bugs on the way. And the fact is, for most sites probabilistic GC works nicely. Only sites that have very low traffic and very short session lifetimes would have any issue with probabilistic GC. If you have a site with 10 requests per second, and have GC with probability of 1%, then it is functionally equivalent of doing manual GC once per 10 seconds. Of course, you don't know when exactly, but a) cron doesn't exactly guarantee precise timing either and b) I do not see why it would be so important for a common application if the session is cleaned up after 10 or 12 seconds. There are other questions with regard to old sessions - but those are not very relevant to GC model so I do not discuss them here. We can discuss them separately. > Reactivating obsoleted/should be deleted session is wrong simply. > Why users shouldn't matter? I never said "users shouldn't matter", so please do not ascribe it to me. Of course users matter, that's why we are doing all this. The question is how to help them. I appreciate that you think manual GC is superior, and I fully support inclusion of that option into PHP. What I however can not support is to make this the only option, contrary to what worked in PHP for nearly two decades. I want both your opinion and opinions different from yours to be accommodated, and to that goal I propose to support both ways to do GC and let the user choose which one is best for them. -- Stas Malyshev smalyshev@gmail.com