Hi all,

On Wed, Jan 27, 2016 at 12:28 PM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote:
>> Note for this issue.
>> The change does not breaks normal codes as PHP cannot set new session
>> ID when header is already sent. The session is _not_ accessible
>> anyway. Not writing orphaned session does not matter at all.
>>
>> If you understand exactly what is happening, it is understandable this
>> is not a BC for production code, but only breaks test code that
>> inspect session behaviors and it found out bogus write() is gone now.
>>
>> Anyway, to fix existing app/framework unit test failures, (it's not
>> fixing anything but leave bogus write(), though)
>> removing php_session_abort() from php_session_cache_limitter() should be 
>> enough.
>
> One additional note.
>
> Removing the php_session_abort() will result in session_start() return
> TRUE even when the session is unusable. This may results in hard to
> debug bug why session is lost in certain pages.
>
> Anyway, I don't have much opinion to restore old behavior including
> restoring crashes by save handler abuse for PHP 5.6. I think PHP 7.0
> is better to keep the patch as is, but it may be fixed in PHP 7.1.

Sorry for scattered message, but it would be the best resolution to
ask those frameworks/apps developer to ignore/remove the test?

Returning FALSE for invalid session_start() should worth for
frameworks/apps developer rather than keeping bogus test passing. IMO.

Any comments?

--
Yasuo Ohgaki
yohg...@ohgaki.net

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to