Hi Rasmus, On Wed, Feb 4, 2015 at 1:20 AM, Rasmus Lerdorf <ras...@lerdorf.com> wrote:
> Hey Yasuo, I noticed that you removed the invalid_session_id boolean > from php_session.h. For extensions that do: > > PS(invalid_session_id) = 1; > > what is the new way for them? > At first, PS(invalid_session_id) was never worked as it supposed. It wasn't used to generate new session ID when session ID is invalid... To notify invalid session ID to session module, please use PS_FUNC_VALIDATE_SID(). If it returns FAILURE, session module creates new session ID by using PS_FUNC_CREATE_SID(). If PS_FUNC_CREATE_SID() is not implemented, session module uses the default php_session_create_id(). For save handlers, there are old save handler definitions PS_FUNCS, PS_FUNCS_SID. New save handlers are supposed to use PS_FUNCS_UPDATE_TIMESTAMP. It requires to implement PS_CREATE_SID, if save handler does not need custom session ID, the default php_session_create_id() may simply be called. However, session ID collision is better to be checked like "files" handler. With collision check in PS_CREATE_SID_FUNC(), collision never happens. /* * Create session ID. * PARAMETERS: PS_CREATE_SID_ARGS in php_session.h * RETURN VALUE: Valid session ID(zend_string *) or NULL for FAILURE. * * PS_CREATE_SID_FUNC() must check collision. i.e. Check session data if * new sid exists already. * *mod_data is guaranteed to have non-NULL value. * NOTE: Default php_session_create_id() does not check collision. If * NULL is returned, session module create new ID by using php_session_create_id(). * If php_session_create_id() fails due to invalid configuration, it raises E_ERROR. * NULL return value checks from php_session_create_id() is not required generally. */ PS_CREATE_SID_FUNC(files) { zend_string *sid; int maxfail = 3; PS_FILES_DATA; do { sid = php_session_create_id((void**)&data); if (!sid) { if (--maxfail < 0) { return NULL; } else { continue; } } /* Check collision */ /* FIXME: mod_data(data) should not be NULL (User handler could be NULL) */ if (data && ps_files_key_exists(data, sid->val) == SUCCESS) { if (sid) { zend_string_release(sid); sid = NULL; } if (--maxfail < 0) { return NULL; } } } while(!sid); return sid; } Summary for new save handler - Use PS_FUNCS_UPDATE_TIMESTAMP/PS_MOD_UPDATE_TIMESTAMP - PS_VALIDATE_SID() returns FAILURE for uninitialized session ID, anything save handler decides as invalid session ID. Otherwise, return SUCCESS. - PS_CREATE_SID() should check session ID collision. Return NULL for failure. - PS_UPDATE_TIMSTAMP_FUNC() must update session data timestamp. e.g. touch file for "files", memcache updates timestamp by read access so return SUCCESS simply. I added comments to ext/session/mod_files.c for save handler developers. Please refer to it also. Regards, -- Yasuo Ohgaki yohg...@ohgaki.net