Hi,

On Sat, Apr 16, 2016 at 12:15 AM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote:

> Hi Stas,
>
> On Wed, Apr 13, 2016 at 2:25 AM, Stanislav Malyshev <smalys...@gmail.com>
> wrote:
>
> >> Lack of proper API for required task is our problem. Misuse is not
> >> ours. IMHO.
> >
> > No, it is our problem. We can't just create whatever and throw it over
> > the fence. The properly designed API has to make correct use very easy
> > and incorrect use very hard. That's the point of designing the API, not
> > just giving people means to run random pieces of C code from PHP.
> >
> > With that in mind, the API should be designed so that misuse -
> > especially unintentional misuse - is hard. Not impossible - that we
> > can't do - but hard. It *is* our responsibility.
>
> I know there are different points of view, but I'm against this POV.
>
> There _must_ be API that achieves well defined tasks. There are many APIs
> that do not do this, but I don't think this would be an excuse. There are
> many examples in security related APIs.
>

I don't believe anybody is questioning the need to introduce this new API.
What I am questioning is, at minimum, how it is documented. And that's
because you've explicitly stated this in your RFC:

> Document calling session_gc() periodically is the best practice.

If you want to document usage of this new API as the best practice, it
would be unfair to the users if you don't also document the caveats that
come with it:

- That they should NOT e.g. put session_gc() at the top of their
  front-controllers
- That it is ONLY meant to be called by a regularly-executed cron script
- That it WILL result in double GC calls if they don't turn off
  probability-based behavior (and how to do that; based on my observations,
  the vast majority of users don't know how GC is triggered at all)

Documenting these potential problems is the bare minimum to minimize
misusage, although I think it's a cop-out. IMO, there should be safe-guards
implemented into the function itself:

- Trigger warnings when session_gc() is called while gc_probability is
  not 0.
- To avoid re-activating expired sessions, trigger warnings when
  session_gc() is called after session_start()

... and possibly skip GC execution in these cases.

Cheers,
Andrey.