Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:97323 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 6125 invoked from network); 7 Dec 2016 20:07:54 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 7 Dec 2016 20:07:54 -0000 Authentication-Results: pb1.pair.com header.from=yohgaki@ohgaki.net; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=yohgaki@ohgaki.net; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain ohgaki.net designates 180.42.98.130 as permitted sender) X-PHP-List-Original-Sender: yohgaki@ohgaki.net X-Host-Fingerprint: 180.42.98.130 ns1.es-i.jp Received: from [180.42.98.130] ([180.42.98.130:37984] helo=es-i.jp) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id A9/ED-11772-71C68485 for ; Wed, 07 Dec 2016 15:07:53 -0500 Received: (qmail 97348 invoked by uid 89); 7 Dec 2016 20:07:47 -0000 Received: from unknown (HELO mail-wj0-f180.google.com) (yohgaki@ohgaki.net@209.85.210.180) by 0 with ESMTPA; 7 Dec 2016 20:07:47 -0000 Received: by mail-wj0-f180.google.com with SMTP id v7so371195671wjy.2 for ; Wed, 07 Dec 2016 12:07:47 -0800 (PST) X-Gm-Message-State: AKaTC03PqP29/WTDzINJhZg7AUiwv1gzI66uf4rcLbFAA+uY/bgScYlQHAjf71wVg91ZRuPm1PmPCT+rKgkfMg== X-Received: by 10.194.174.229 with SMTP id bv5mr61162002wjc.21.1481141261161; Wed, 07 Dec 2016 12:07:41 -0800 (PST) MIME-Version: 1.0 Received: by 10.194.38.7 with HTTP; Wed, 7 Dec 2016 12:07:00 -0800 (PST) In-Reply-To: <70.0A.11772.8B1E7485@pb1.pair.com> References: <70.0A.11772.8B1E7485@pb1.pair.com> Date: Thu, 8 Dec 2016 05:07:00 +0900 X-Gmail-Original-Message-ID: Message-ID: To: Tony Marston Cc: "internals@lists.php.net" Content-Type: text/plain; charset=UTF-8 Subject: Re: [PHP-DEV] [RFC][VOTE] User defined session serializer From: yohgaki@ohgaki.net (Yasuo Ohgaki) Hi Tony, On Wed, Dec 7, 2016 at 7:17 PM, Tony Marston wrote: > "Yasuo Ohgaki" wrote in message > news:CAGa2bXYaX05JbJAvyxfSJyy6xiA+4u14NPFGYwScL4aoOFQGhw@mail.gmail.com... >> >> >> Hi Marco, >> >> Thank you for explaining the reason why! >> >> On Mon, Dec 5, 2016 at 11:12 AM, Marco Pivetta wrote: >>> >>> I voted "no" because I don't see any advantage over using a custom >>> session >>> save handler, besides adding more API that partially covers custom >>> session >>> save handlers. >> >> >> You mean current OO custom save handler, I suppose. >> >> Firstly, current OO custom save handler design (use of previously used >> internal save handler as its base class) is not good. Overriding >> open()/close()/etc are useless, moreover harmful. Number of bugs >> proved it is not good. > > > I have been using session_set_save_handler() since 2002 to store all session > data in a database, and I have never encountered any problems. Why is it > "not good"? What bugs are there? It works if it is used correctly. However, we've got number of bug reports for abuse/misuse cases. Refer to bugs.php.net for details. > > I do not see the point in this RFC. Did you read the RFC? It enables to write serializer by PHP script, clean and simple. It cannot be done by save handler. Besides, the reason why we don't have user defined serializer is "register_globals", the reason why we have problematic base class for OO API save handler is "register_globals". We should get rid of obsolete features at some point also. Regards, -- Yasuo Ohgaki yohgaki@ohgaki.net