PHP user session handlers

19 years ago by Glenn Richmond — view source — reply

unread

Hi guys,

Just wondering what the status of the user-defined session handlers is?

I've tested with 5.2rc4 and there is an issue that the references to the
user functions get erased when the user calls session_write_close or
session_destroy. This means that the system reverts to an alternative
handler.

Any idea if this issue has been resolved or if not, how it could be
resolved? It basically makes large-scale user-defined session handlers
impossible (for general website handling). It has been discussed
previously, but no solution has been proposed as of yet.

Glenn.

19 years ago by Antony Dovgal — view source — reply

unread

Hi guys,

Just wondering what the status of the user-defined session handlers is?

I don't think it makes any sense to ask such questions on the list, for the answer in most cases is "they are doing fine, thank you".
Just grab the latest snapshot, test it and report any issues you see.

I've tested with 5.2rc4 and there is an issue that the references to the
user functions get erased when the user calls session_write_close or
session_destroy. This means that the system reverts to an alternative
handler.

Any idea if this issue has been resolved or if not, how it could be
resolved? It basically makes large-scale user-defined session handlers
impossible (for general website handling). It has been discussed
previously, but no solution has been proposed as of yet.

--
Wbr,
Antony Dovgal

19 years ago by Glenn Richmond — view source — reply

unread

Done, I've just tested on PHP Version 5.2.0RC7-dev (today's snapshot)
and get the same result. The code is:

session_start();
$_SESSION['testing'] = $contents;
session_write_close();

unset($_SESSION['testing']);

session_start();
$newcontents = $_SESSION['testing'];
session_write_close();

There is a php file prepended to all code executions that sets up the
custom handler and it works for the first session_start, but on the
second call to session_start, I get:

Fatal error: session_start() [<a href='function.session-start'>function.session-start</a>]: Failed to
initialize storage module: user (path: /tmp/php_sessions)

i.e. It still knows that it's a custom defined handler, but the
references to the functions are gone. If I make a call to
session_set_save_handler after the first session_write_close, the
problem goes away. Of course, this isn't practical for a large number of
sites.

Glenn.

Antony Dovgal wrote:

Hi guys,

Just wondering what the status of the user-defined session handlers is?

I don't think it makes any sense to ask such questions on the list,
for the answer in most cases is "they are doing fine, thank you".
Just grab the latest snapshot, test it and report any issues you see.

I've tested with 5.2rc4 and there is an issue that the references to the
user functions get erased when the user calls session_write_close or
session_destroy. This means that the system reverts to an alternative
handler.

Any idea if this issue has been resolved or if not, how it could be
resolved? It basically makes large-scale user-defined session handlers
impossible (for general website handling). It has been discussed
previously, but no solution has been proposed as of yet.

19 years ago by Lukas Kahwe Smith — view source — reply

unread

Glenn Richmond wrote:

i.e. It still knows that it's a custom defined handler, but the
references to the functions are gone. If I make a call to
session_set_save_handler after the first session_write_close, the
problem goes away. Of course, this isn't practical for a large number of
sites.

And this worked in previous releases?
I am very certain that this was the bahviour on PHP4, not sure about 5.x
though.

regards,
Lukas

19 years ago by Glenn Richmond — view source — reply

unread

No, it's never worked as far as I know, but it doesn't mean it's not a
bug. The session functions shouldn't have to be reset every time
session_write_close or session_destroy is called. It's been logged
previously at: http://bugs.php.net/bug.php?id=32330. It's also a
consistent issue in varoius forums of major PHP projects.

Any idea on a solution for this one?

Regards,

Glenn.

Lukas Kahwe Smith wrote:

Glenn Richmond wrote:

i.e. It still knows that it's a custom defined handler, but the
references to the functions are gone. If I make a call to
session_set_save_handler after the first session_write_close, the
problem goes away. Of course, this isn't practical for a large number of
sites.

And this worked in previous releases?
I am very certain that this was the bahviour on PHP4, not sure about
5.x though.

regards,
Lukas

19 years ago by Lukas Kahwe Smith — view source — reply

unread

Glenn Richmond wrote:

No, it's never worked as far as I know, but it doesn't mean it's not a
bug. The session functions shouldn't have to be reset every time
session_write_close or session_destroy is called. It's been logged
previously at: http://bugs.php.net/bug.php?id=32330. It's also a
consistent issue in varoius forums of major PHP projects.

Ah ok, it sounded to me like you were reporting a BC break. I agree this
should be fixed if possible, but its not something that will get
addressed in 5.2.0 simply due to release management concerns.

Hopefully for 5.2.1 someone comes up with a fix.

regards,
Lukas

19 years ago by Glenn Richmond — view source — reply

unread

ok, sure. I'm a little more familiar with the php code base now than
when I first looked at the bug a few weeks ago, so I'll have another
look and see if I can come up with a fix in the mean time. Should it be
re-logged as a bug to get it some more attention in the future?

Regards,

Glenn.

Lukas Kahwe Smith wrote:

Glenn Richmond wrote:

No, it's never worked as far as I know, but it doesn't mean it's not
a bug. The session functions shouldn't have to be reset every time
session_write_close or session_destroy is called. It's been logged
previously at: http://bugs.php.net/bug.php?id=32330. It's also a
consistent issue in varoius forums of major PHP projects.

Ah ok, it sounded to me like you were reporting a BC break. I agree
this should be fixed if possible, but its not something that will get
addressed in 5.2.0 simply due to release management concerns.

Hopefully for 5.2.1 someone comes up with a fix.

regards,
Lukas

19 years ago by Lukas Kahwe Smith — view source — reply

unread

Glenn Richmond wrote:

look and see if I can come up with a fix in the mean time. Should it be
re-logged as a bug to get it some more attention in the future?

more bug reports are not going to help .. just append the existing one
with a patch.

regards,
Lukas

19 years ago by Lukas Kahwe Smith — view source — reply

unread

Glenn Richmond wrote:

Hi guys,

Just wondering what the status of the user-defined session handlers is?

I've tested with 5.2rc4 and there is an issue that the references to the
user functions get erased when the user calls session_write_close or
session_destroy. This means that the system reverts to an alternative
handler.

Any idea if this issue has been resolved or if not, how it could be
resolved? It basically makes large-scale user-defined session handlers
impossible (for general website handling). It has been discussed
previously, but no solution has been proposed as of yet.

I am quite sure we had this behaviour since forever.
Did you verify that this is not old?

regards,
Lukas