Hi, >> I have been investigating a problem occuring when using APC in >> combination with userspace session save handlers. This has been reported >> multiple times both in the APC and PHP bugtrackers, bugs related to this >> issue include (but are most likely not limited to): > > This has been documented feature for several years. > You should explicitly call session_write_close() when your custom > session handler is a userspace object.
I would consider this a work-around to a design issue - but not a solution. With other extensions, I could imagine even crashing PHP in this way if a suitable extension is loaded - assume such an extension has some global state initialized on RINIT and deinitialized on RSHUTDOWN, and then after de-initialization the user-space session handler kicks in and tries to do something with the extension - all kinds of weird things could happen. If you say: ok, we want to force the user to use session_write_close(), then we should make sure php_session_flush() is only called at the end of the script if no userspace handler is installed, else emit a warning or whatever (if that's even possible at that point because output was already flushed completely). But even then you still have the problem with serialization. If you put an object into your $_SESSION data that has a __sleep function - and that __sleep function uses some kind of other functionality other than returning a simple array, you will run into problems. And that is the case regardless of whether you use a userspace session handler. I don't think that ANY extension should use the engine to execute userspace code in RSHUTDOWN - at all. If an extension does such a thing, I'd consider the resulting behaviour undefined and prone to all sorts of trouble. Regards, Christian -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
