Hey Yasuo, I noticed that you removed the invalid_session_id boolean
from php_session.h. For extensions that do:
PS(invalid_session_id) = 1;
what is the new way for them?
-Rasmus
Hi Rasmus,
Hey Yasuo, I noticed that you removed the invalid_session_id boolean
from php_session.h. For extensions that do:PS(invalid_session_id) = 1;
what is the new way for them?
At first, PS(invalid_session_id) was never worked as it supposed. It wasn't
used to
generate new session ID when session ID is invalid...
To notify invalid session ID to session module, please use
PS_FUNC_VALIDATE_SID().
If it returns FAILURE, session module creates new session ID by using
PS_FUNC_CREATE_SID().
If PS_FUNC_CREATE_SID() is not implemented, session module uses the default
php_session_create_id().
For save handlers, there are old save handler definitions PS_FUNCS,
PS_FUNCS_SID. New
save handlers are supposed to use PS_FUNCS_UPDATE_TIMESTAMP. It requires to
implement
PS_CREATE_SID, if save handler does not need custom session ID, the default
php_session_create_id()
may simply be called. However, session ID collision is better to be checked
like "files" handler. With
collision check in PS_CREATE_SID_FUNC(), collision never happens.
/*
-
Create session ID.
-
PARAMETERS: PS_CREATE_SID_ARGS in php_session.h
-
RETURN VALUE: Valid session ID(zend_string *) or
NULLfor FAILURE. -
PS_CREATE_SID_FUNC() must check collision. i.e. Check session data if
-
new sid exists already.
-
*mod_data is guaranteed to have non-NULL value.
-
NOTE: Default php_session_create_id() does not check collision. If
-
NULLis returned, session module create new ID by using
php_session_create_id(). -
If php_session_create_id() fails due to invalid configuration, it raises
E_ERROR. -
NULLreturn value checks from php_session_create_id() is not required
generally.
*/
PS_CREATE_SID_FUNC(files)
{
zend_string *sid;
int maxfail = 3;
PS_FILES_DATA;do {
sid = php_session_create_id((void**)&data);
if (!sid) {
if (--maxfail < 0) {
return NULL;
} else {
continue;
}
}
/* Check collision /
/ FIXME: mod_data(data) should not beNULL(User handler could be
NULL) */
if (data && ps_files_key_exists(data, sid->val) == SUCCESS) {
if (sid) {
zend_string_release(sid);
sid = NULL;
}
if (--maxfail < 0) {
return NULL;
}
}
} while(!sid);return sid;
}
Summary for new save handler
- Use PS_FUNCS_UPDATE_TIMESTAMP/PS_MOD_UPDATE_TIMESTAMP
- PS_VALIDATE_SID() returns FAILURE for uninitialized session ID, anything
save handler decides as invalid session ID. Otherwise, return SUCCESS. - PS_CREATE_SID() should check session ID collision. Return
NULLfor
failure. - PS_UPDATE_TIMSTAMP_FUNC() must update session data timestamp. e.g.
touch file for "files", memcache updates timestamp by read access so
return
SUCCESS simply.
I added comments to ext/session/mod_files.c for save handler developers.
Please refer to it also.
Regards,
--
Yasuo Ohgaki
yohgaki@ohgaki.net
I added comments to ext/session/mod_files.c for save handler developers.
Please refer to it also.
Please add them (and maybe example migration code) to UPGRADING.INTERNALS
Thanks!
Hi Pierre,
Please add them (and maybe example migration code) to UPGRADING.INTERNALS
Got it!
I'll add it to UPGRADING soon.
Regards,
--
Yasuo Ohgaki
yohgaki@ohgaki.net