Hi Rasmus,
On Wed, Feb 4, 2015 at 1:20 AM, Rasmus Lerdorf <[email protected]> wrote:
> Hey Yasuo, I noticed that you removed the invalid_session_id boolean
> from php_session.h. For extensions that do:
>
> PS(invalid_session_id) = 1;
>
> what is the new way for them?
>
At first, PS(invalid_session_id) was never worked as it supposed. It wasn't
used to
generate new session ID when session ID is invalid...
To notify invalid session ID to session module, please use
PS_FUNC_VALIDATE_SID().
If it returns FAILURE, session module creates new session ID by using
PS_FUNC_CREATE_SID().
If PS_FUNC_CREATE_SID() is not implemented, session module uses the default
php_session_create_id().
For save handlers, there are old save handler definitions PS_FUNCS,
PS_FUNCS_SID. New
save handlers are supposed to use PS_FUNCS_UPDATE_TIMESTAMP. It requires to
implement
PS_CREATE_SID, if save handler does not need custom session ID, the default
php_session_create_id()
may simply be called. However, session ID collision is better to be checked
like "files" handler. With
collision check in PS_CREATE_SID_FUNC(), collision never happens.
/*
* Create session ID.
* PARAMETERS: PS_CREATE_SID_ARGS in php_session.h
* RETURN VALUE: Valid session ID(zend_string *) or NULL for FAILURE.
*
* PS_CREATE_SID_FUNC() must check collision. i.e. Check session data if
* new sid exists already.
* *mod_data is guaranteed to have non-NULL value.
* NOTE: Default php_session_create_id() does not check collision. If
* NULL is returned, session module create new ID by using
php_session_create_id().
* If php_session_create_id() fails due to invalid configuration, it raises
E_ERROR.
* NULL return value checks from php_session_create_id() is not required
generally.
*/
PS_CREATE_SID_FUNC(files)
{
zend_string *sid;
int maxfail = 3;
PS_FILES_DATA;
do {
sid = php_session_create_id((void**)&data);
if (!sid) {
if (--maxfail < 0) {
return NULL;
} else {
continue;
}
}
/* Check collision */
/* FIXME: mod_data(data) should not be NULL (User handler could be
NULL) */
if (data && ps_files_key_exists(data, sid->val) == SUCCESS) {
if (sid) {
zend_string_release(sid);
sid = NULL;
}
if (--maxfail < 0) {
return NULL;
}
}
} while(!sid);
return sid;
}
Summary for new save handler
- Use PS_FUNCS_UPDATE_TIMESTAMP/PS_MOD_UPDATE_TIMESTAMP
- PS_VALIDATE_SID() returns FAILURE for uninitialized session ID, anything
save handler decides as invalid session ID. Otherwise, return SUCCESS.
- PS_CREATE_SID() should check session ID collision. Return NULL for
failure.
- PS_UPDATE_TIMSTAMP_FUNC() must update session data timestamp. e.g.
touch file for "files", memcache updates timestamp by read access so
return
SUCCESS simply.
I added comments to ext/session/mod_files.c for save handler developers.
Please refer to it also.
Regards,
--
Yasuo Ohgaki
[email protected]
