Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:97284 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 98577 invoked from network); 5 Dec 2016 13:52:35 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 5 Dec 2016 13:52:35 -0000 Authentication-Results: pb1.pair.com header.from=ocramius@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=ocramius@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.210.182 as permitted sender) X-PHP-List-Original-Sender: ocramius@gmail.com X-Host-Fingerprint: 209.85.210.182 mail-wj0-f182.google.com Received: from [209.85.210.182] ([209.85.210.182:34910] helo=mail-wj0-f182.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id EF/02-11772-22175485 for ; Mon, 05 Dec 2016 08:52:34 -0500 Received: by mail-wj0-f182.google.com with SMTP id v7so290835894wjy.2 for ; Mon, 05 Dec 2016 05:52:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=w7cXtZWnIcKwVTT2dCxtjJuiM0FWFXRRDOLxEMswhss=; b=VNL76g9aND27Q3oN6x6ua4ZPkAT7LaDOIA12HjkwgW0QQOSO5vsyep5hGIubKrqL4p raZV1S0NdHoxSd3nP7mqkcZLPY23aHcKqn79njhUjPyGLOZFtLbKErH8o6ubJlf2l+nM eKShCYF5o9kQzIFxA33n7LukSNiQz7vxexXfzSD+Xp0fLzHQVxVQnsGkf5QFuBJwzUlY e8sw9s/rb9Wr2skwhE+sW19vGmjOk4r7tWHJhTiL2bZ4BTRPZiRVHux/lnOWPcI+3TTF Z3D4w5aAPZ4pJFsWbYU0N1bO9t45c6YVPqn79rcIQ2eLnuR2hvW56y9CygrvB0mxnN+z apNA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=w7cXtZWnIcKwVTT2dCxtjJuiM0FWFXRRDOLxEMswhss=; b=k2/ztEZRjVWspy3zcNbWbr/fU7oNdlCEEtFXLte+mKefns8UBlKUKjK5QhuImI6fQR NmSCPoR/IfJHQPiAROctjXusWHaD6Xx6XJduDtrmY8k9jzBtvaoyso0+bGRkc6O3Hxlp 1IcqNjtJ9+cym97+1VBoC+G88rQfADtPRllX1Oqq1AteMfV+WYVi7lpeb7zHJ7ImHqVL D/K3whuedSD81NGnvtCK15eoOTRUS6ZD2LEwt1gvXGzvK7WrCplH5FH0BTnRAYNVelz1 +0qgbPS0HvS2KOkKxp2yNV0hk2vOxW5LUkQAYOb4PHTLOsFCEXdcl+ILtZABasA9FAsU UysA== X-Gm-Message-State: AKaTC009AWg6afjgNO+Pl6UA4xHcaHvpa9Dr2S7q1BDpGro6SvIxRhcEGhBlUrdSmVm0CFxSdT+4+AL/JNSrPQ== X-Received: by 10.194.96.135 with SMTP id ds7mr50493718wjb.29.1480945950826; Mon, 05 Dec 2016 05:52:30 -0800 (PST) MIME-Version: 1.0 Received: by 10.194.173.106 with HTTP; Mon, 5 Dec 2016 05:52:10 -0800 (PST) In-Reply-To: References: Date: Mon, 5 Dec 2016 14:52:10 +0100 Message-ID: To: Yasuo Ohgaki Cc: "internals@lists.php.net" Content-Type: multipart/alternative; boundary=089e0103e04e54aacb0542e9996c Subject: Re: [PHP-DEV] [RFC][VOTE] User defined session serializer From: ocramius@gmail.com (Marco Pivetta) --089e0103e04e54aacb0542e9996c Content-Type: text/plain; charset=UTF-8 On Mon, Dec 5, 2016 at 4:31 AM, Yasuo Ohgaki wrote: > Hi Marco, > > Thank you for explaining the reason why! > > On Mon, Dec 5, 2016 at 11:12 AM, Marco Pivetta wrote: > > I voted "no" because I don't see any advantage over using a custom > session > > save handler, besides adding more API that partially covers custom > session > > save handlers. > > You mean current OO custom save handler, I suppose. > Yes > Firstly, current OO custom save handler design (use of previously used > internal save handler as its base class) is not good. Overriding > open()/close()/etc are useless, moreover harmful. Number of bugs > proved it is not good. > Number of bugs? In which adapters? There are well tested session savehandlers out there, and I'd trade a userland bug for an internals bug anytime. > Secondly, the only use case, that current OO save handler design is > useful, is read()/write() override to encrypt/validate session data. > What does this RFC do that a custom session savehandler *CANNOT*? > Thirdly, I fixed _many_ of current OO API bugs, but fixing them all is > impossible by design. > It would need a deprecation of the current session module, and a replacement with a newer, cleaner API. > Current OO save handler API is wrong in many ways and should be > deprecated and replaced by clean OO API as mentioned in the RFC. > > Is there any good reasons to keep problematic API for good? > There is a problem with adding a half-feature to fix half the problem, and then having to deprecate this half-feature when the new full solution is actually replacing it in a correct way. > > This is just confusing, in my opinion, and the API can be replicated in > > userland with a custom session save handler decorator instead. > > I may be too familiar to session module. I don't understand what's > confusing. Session module has 2 distinct submodules for saving and > serializing data. These have different tasks. > It is confusing that we now have two ways of passing down serializers for sessions. The Redis session savehandlers already use igbinary where applicable, for example, so why do I need to have a second equivalent API? Providing a userland base session savehandler with pluggable serializers (written in PHP, not in C, please!) is a much better idea. The RFC allows to save session data in whatever format. e.g. > XML/JSON/BSON/etc. This is _impossible_ by save handler submodule Savehandlers even save to flat DB tables, so I'm not understanding what is being explained here... Even in the docs, the first example shows how to add encryption to a custom savehandler: https://secure.php.net/manual/en/class.sessionhandler.php Adding a custom serialization is as simple as an `unserialize()` + custom serializer call (Yes, I can already hear all those microseconds screaming! The horror!) Marco Pivetta http://twitter.com/Ocramius http://ocramius.github.com/ --089e0103e04e54aacb0542e9996c--