Hi Leligh,
On Mon, Mar 17, 2014 at 10:22 PM, Leigh <[email protected]> wrote:
> On 17 March 2014 10:23, Andrey Andreev <[email protected]> wrote:
>
> > Hi Yasuo,
> >
> > There's no SessionHandler::create_sid() or
> > SessionHandlerInterface::create_sid() documented (see your own link to
> > the docs) ... since when is this available?
> >
> > I'm not sure if exposing it is a good idea anyway, why is it necessary?
> >
> >
>
> It was added in 5.5.1 - The PR was made 2 years ago by myself:
> https://github.com/php/php-src/pull/109
>
> It's not documented because I'm lazy, (it's one of those TODO items that
> has become permanent), but I personally use it. The underlying method on
> the session interface has been there for a long time (10 years might even
> be accurate), but for some unknown reason, it was not exposed to userland
> when all of the other methods were.
>
> It is necessary for custom session handler classes because without it calls
> to session_regenerate_id() do not inform the session handler about the
> change of session id. The presence of this method allows you to capture
> session id regeneration, and update files, databases, etc. as necessary,
> and also allows you to fully customise the actual session id token that is
> used. Custom prefixes, body content, encoding charset, etc.
Thank you for clarification. I didn't realize when it was implemented.
Documentation at that time would be nice w/o session_create_id().
If it is added 5.5.1, it would be safer to rename.
I think procedural session_create_sid() interface was added long time ago,
but
it's not important. As it is deprecated by documentation and I wouldn't
change
the name.
User defined save handler documentation should be improved. I think
many users are returning invalid value for read() especially.
Regards,
--
Yasuo Ohgaki
[email protected]