Hi all, session save handler developer especially,
I would like to improve session save handler module API for PHP7.
When new session data is created, some save handlers need to create
new session data explicitly. e.g. RDBMS based save handler.
New session module validates session data existence via
PS(mod)->validate_sid().
When new data record is needed, RDBMS needs INSERT query to create a record.
Since record existence is checked by validate_sid(), SELECT query in
PS(mod)->read()
that checks record existence is not required if there is proper API.
Note: validate_sid() is there to enforce secure save handler implementation.
One option is to have PS(mod)->create() for new session.
The other is additional new_id flag parameter for PS(mod)->read().
Both change requires API change, but it wouldn't be issue for PHP7.
Have new create API or new parameter for PS(mod)->read()? I don't care
which.
If there is no comment, I'll add new parameter since it's simpler.
Comments are appreciated.
Regards,
--
Yasuo Ohgaki
yohgaki@ohgaki.net
Hi all,
I would like to improve session save handler module API for PHP7.
When new session data is created, some save handlers need to create
new session data explicitly. e.g. RDBMS based save handler.New session module validates session data existence via
PS(mod)->validate_sid().
When new data record is needed, RDBMS needs INSERT query to create a
record.
Since record existence is checked by validate_sid(), SELECT query in
PS(mod)->read()
that checks record existence is not required if there is proper API.
Note: validate_sid() is there to enforce secure save handler
implementation.One option is to have PS(mod)->create() for new session.
The other is additional new_id flag parameter for PS(mod)->read().Both change requires API change, but it wouldn't be issue for PHP7.
Have new create API or new parameter for PS(mod)->read()? I don't care
which.
If there is no comment, I'll add new parameter since it's simpler.Comments are appreciated.
Adding new_id parameter is simple. This is the patch.
https://github.com/yohgaki/php-src/compare/master-session-new-api
Please note that there is no session save handlers using the new_id flag
yet, but
the idea may be understood.
Regards,
--
Yasuo Ohgaki
yohgaki@ohgaki.net
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Le 29/01/2015 08:00, Yasuo Ohgaki a écrit :
If there is no comment, I'll add new parameter since it's simpler.
Changing a function prototype is very hard to detect at buildtime,
especially when playing with pointer.
A new API seems really cleaner.
Remi.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlTJ7LEACgkQYUppBSnxahj89ACg5WnLubK6P/0+cYCb3MY1Gvzq
GD0An05lk63xctI2YvWLjTwO46REgUnc
=ILAE
-----END PGP SIGNATURE
Hi Remi,
If there is no comment, I'll add new parameter since it's simpler.
Changing a function prototype is very hard to detect at buildtime,
especially when playing with pointer.A new API seems really cleaner.
Reasonable discussion. I'll prepare API version patch later.
Regards,
--
Yasuo Ohgaki
yohgaki@ohgaki.net
Hi all,
A new API seems really cleaner.
Reasonable discussion. I'll prepare API version patch later.
This is the patch. It's not complete as user save handler requires more
work.
Simply read() is called as create() now. It's a PoC patch.
https://github.com/yohgaki/php-src/compare/master-session-new-api2
It's not too complex compared to parameter version.
https://github.com/yohgaki/php-src/compare/master-session-new-api
The issue with create() is that it enforces save handlers to implement
create(). It may be implemented that to check null handler to allow
save handler w/o create(), but it wouldn't look nice.
Since all save handlers must be rewritten for PHP7, it would be the
best to have only one save handler definition for internal save handlers
while keeping user save handler compatibility. Dirty part can be hidden
in mod_user.c.
Regards,
--
Yasuo Ohgaki
yohgaki@ohgaki.net