> https://bugs.php.net/bug.php?id=68331 > > I was hoping the submitter (or one of their coworkers who commented on > it) would reach out to the list themselves to get more information > since I don't know the whole situation. I did ask them to...
Sorry, I had an email written up to send out to the list but missent it yesterday. Thank you for taking the time to write this up though! > Story thus far: > Yasuo's session-lock-ini RFC [1] in February 2014 was (partially) > approved - the relevant change being that it adds support for lazy > writing. Optionally. There's a pull request with it that has NOT been > merged; as far as I can tell it's because there was discussion after > the vote raising problems and there was another RFC [2] (since > withdrawn) to change the first one. I also vaguely remember there > being merge problems between 5.6 and something? > > Unrelated and prior to all this was a commit [3] in August 2013 for > request #17860 [4] that made session writes lazy for everyone. [see > session.c] Not optionally. It went into 5.6. Apparently this caused > problems for some people as they made 68331 a few days ago. I'm not > entirely sure that the userland code couldn't be changed to deal with > the lazy writing without requiring the crazy workaround they > described, but whatever I don't know their codebase. So for us we'd like to be able to write the session during shutdown and that (prior to PHP 5.6) means doing it in the write() handler that we registered. In PHP 5.6 the only reasonable alternative in userland is to do it in the close() handler instead. This is really hacky and there are other quirks with doing it in close instead. We really have two issues with the lazy writing implementation: - We can't really update the timestamp for the session cleanly without changing where the write is happening. - Data that we want to save independent of $_SESSION doesn't cause the session to be marked as needing saved. That means we don't get the callback to the write() handler. > > I tried explaining that session-lock-ini is not yet merged, despite > being approved and being listed under the PHP 5.6 heading at /rfc, and > that the commit in question was entirely separate, to no avail. > Meanwhile I did NAB the bug on the grounds that the change was > intentional. I don't think anyone is arguing that it was unintentional. It simply was a backwards incompatible change that happened before the RFC and wasn't mentioned in the backwards incompatible list. The bug that the commit actually addressed was from 12 years ago and wasn't even asking for the feature that got implemented to address the bug. That made me suspicious of the route that commit took to get into PHP 5.6. > > So what's up with the RFC and its code? Is it still happening for 5.6 > (too late?) or 5.7 (I lost track if we're doing that) or 7? Any > suggestions for what I can tell the folks concerned? It seems that PHP 5.6 is under a feature lock so I'd be very surprised if this was allowed in for PHP 5.6. Unfortunately, the best route may be to revert the commit from 2013 since the change seemed like it sidestepped the entire RFC process. Here is my original email I was going to send: It seems like the RFC for session lazy_write passed and was intended for PHP 5.6 but didn't quite make it into the release. Is anyone aware of the status of the RFC and what will actually happen as it was approved but not implemented in time? [1] Similarly, there was a commit [2] related to doing a lazy_write on session that appears to have been committed far before the RFC was drafted but had unintended consequences. There is an unfortunate backwards incompatible bug in this commit that custom session handlers are not called when the session hasn't changed so anything outside of the normal $_SESSION state isn't handled. In addition to that, this has caused updating session timestamps to be more difficult and require a slight rewrite of PHP implementations (ironically not writing in the write() call). I have created a bug [3] for this but it got NABed due to the RFC but it really appears to be stagnant at this point. PHP 5.6 is already released and I feel like this has really manifested as a bug at this point since it's actively causing issues with custom session handlers. [1]: https://wiki.php.net/rfc/session-read_only-lazy_write [2]: https://github.com/php/php-src/commit/554021d21e1b2517313a377676260c188152c2eb [3]: https://bugs.php.net/bug.php?id=68331 Mark -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
