Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:96387 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 30997 invoked from network); 16 Oct 2016 09:09:11 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 16 Oct 2016 09:09:11 -0000 Authentication-Results: pb1.pair.com smtp.mail=yohgaki@ohgaki.net; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=yohgaki@ohgaki.net; sender-id=pass Received-SPF: pass (pb1.pair.com: domain ohgaki.net designates 180.42.98.130 as permitted sender) X-PHP-List-Original-Sender: yohgaki@ohgaki.net X-Host-Fingerprint: 180.42.98.130 ns1.es-i.jp Received: from [180.42.98.130] ([180.42.98.130:34459] helo=es-i.jp) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 8D/97-59423-4B343085 for ; Sun, 16 Oct 2016 05:09:09 -0400 Received: (qmail 128730 invoked by uid 89); 16 Oct 2016 09:09:04 -0000 Received: from unknown (HELO mail-qk0-f178.google.com) (yohgaki@ohgaki.net@209.85.220.178) by 0 with ESMTPA; 16 Oct 2016 09:09:04 -0000 Received: by mail-qk0-f178.google.com with SMTP id o68so240888725qkf.3 for ; Sun, 16 Oct 2016 02:09:04 -0700 (PDT) X-Gm-Message-State: AA6/9RnRh0bnh/OJsKqCvmoFrVDAkTRkNbf3JXGB+iPq89LaEOlqkgLOr9PRGhqatJgzTO4eY97ycDEkqwaC8g== X-Received: by 10.55.121.131 with SMTP id u125mr1896088qkc.114.1476608938245; Sun, 16 Oct 2016 02:08:58 -0700 (PDT) MIME-Version: 1.0 Received: by 10.140.84.168 with HTTP; Sun, 16 Oct 2016 02:08:17 -0700 (PDT) Date: Sun, 16 Oct 2016 18:08:17 +0900 X-Gmail-Original-Message-ID: Message-ID: To: Davey Shafik , "internals@lists.php.net" Content-Type: text/plain; charset=UTF-8 Subject: Fixing insane session_start() behaviors From: yohgaki@ohgaki.net (Yasuo Ohgaki) Hi Davey and all, I was planning to fix session_start() behaviors by PHP 7.1, but I forgot to do this completely. Partial fix is merged currently. Following PR makes session_start() return FALSE when it cannot start session always. https://github.com/php/php-src/pull/2167 In short, this patch fixes number of session_start()'s insane behaviors. Original session_start() is designed to continue execution as much as it can. This design caused a lot of issues including number of crash bugs. We've removed most issues caused by this design, but session_start() behaves insane way. e.g. Return TRUE and initializes $_SESSION array for useless session, improper error messages, memory leak, etc. (Please verify phpt changes how this patch makes session_start() behave sane way) This fix may change app behavior. However, it changes behavior only when there is useless session which is fatal anyway. Therefore, it could be applied to PHP 7.1. IMO. What do you think? Regards, P.S. Sorry for late important bug fix. -- Yasuo Ohgaki yohgaki@ohgaki.net