Re: "php_serialize" session serialize handler

From:	Yasuo Ohgaki	Date:	Fri, 09 Aug 2013 09:26:56 +0000
Subject:	Re: "php_serialize" session serialize handler
References:	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message

Hi Leigh,

On Fri, Aug 9, 2013 at 5:28 PM, Leigh <[email protected]> wrote:

> On 8 August 2013 23:31, Yasuo Ohgaki <[email protected]> wrote:
>
>>
>> How php_serialize would cause BC issues for PHP users?
>>
>
> Not everyone uses PHP in the way you would expect. Just how many sites out
> there do you think use PHPs session functionality? I'd go for hundreds of
> millions, and that's a pretty big target to hit.
>
> If you session_encode() something on 5.x with default settings and 5.x+1
> cannot session_decode() it with default settings, that is a BC break.
>

Mixing versions with shared data should be carefully handled for almost all
apps.
Even if this is the case, users may use old serializer so no BC.

Anyway, we also have to consider number of bug/request reports that it
solves.
There are countless bug reports that were closed as "won't fix"/"not a bug"
because of the register_globals support in session module.

Regards,

--
Yasuo Ohgaki
[email protected]


   

Thread (26 messages)

• Yasuo OhgakiWed, 07 Aug 2013 06:59:14 +0000
  • Stas MalyshevWed, 07 Aug 2013 20:34:26 +0000
    • Yasuo OhgakiThu, 08 Aug 2013 00:58:11 +0000
      • Stas MalyshevThu, 08 Aug 2013 01:03:35 +0000
        • Yasuo OhgakiThu, 08 Aug 2013 01:41:43 +0000
          • Stas MalyshevThu, 08 Aug 2013 02:03:54 +0000
            • Yasuo OhgakiThu, 08 Aug 2013 02:11:33 +0000
              • Yasuo OhgakiThu, 08 Aug 2013 02:23:33 +0000
                • Lester CaineThu, 08 Aug 2013 08:26:10 +0000
                  • Yasuo OhgakiThu, 08 Aug 2013 10:09:18 +0000