Re: session_reset() and session_abort() to send errors

From:	Yasuo Ohgaki	Date:	Fri, 28 Mar 2014 06:48:54 +0000
Subject:	Re: session_reset() and session_abort() to send errors
References:	1 2 3 4 5 6 7	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message

Hi Andrey,

On Thu, Mar 27, 2014 at 9:05 PM, Andrey Andreev <[email protected]> wrote:

> > This function is useful for session save handlers that do not lock
> > session data. Example is memcached. This function could be used
> > re-read session data to mitigate over written session data with unlock
> > session data.
> >
> > Andrey, just because you don't think of usage, it does not mean it does
> not
> > mean unneeded or not useful. You are better to ask the reason behind why
> > first.
> > Good library should have defined API for specific tasks, too. You also
> has
> > misunderstanding about why delayed deletion for session_regenerate_id()
> > is mandatory.
>
> Yasuo ... There's no misunderstanding, I just have a disagreement with
> you about that issue and I'm tired of arguing over that. Let's just
> keep session_regenerate_id() in it's own thread, ok?
>

Ok.
I'm talking about XHR cannot be solution and delayed deletion is
mandatory for precise session management. We may discuss later since
I'm going to fork session module.


> But speaking of mandatory: locks are mandatory, so how are non-locking
> handlers an argument in all of this?
>

I use unlocked session for performance tuning often.
Apps could be much faster with little care and little code changes.
Sometimes this function is needed to be sure.

Also, I didn't just question if there's a use case, I'm questioning if
> it is safe to use session_reset() at all. Re-reading doesn't imply
> discarding currently open resources and complerely re-initializing the
> session and from what I see - that's exactly what the function does,
> or am I missing something?


I think session manager should "manage" how session is managed.
Save handlers should save/retrieve session data only. Since session
manager does not have such feature, save handlers does the task and
there is unlocked sessions. Since there is no exposed user functions for
save handlers, reset is needed on occasion.

I would rather have session_gc() back as I wrote in previous mail, though.
This one is truly mandatory function even with precise session data
expiration.

Regards,

--
Yasuo Ohgaki
[email protected]


   

Thread (15 messages)

• Julien PauliThu, 20 Mar 2014 16:01:40 +0000
  • Yasuo OhgakiThu, 20 Mar 2014 23:57:59 +0000Re: session_reset() and session_abort() to send errors
    • Julien PauliFri, 21 Mar 2014 10:40:58 +0000
      • Andrey AndreevTue, 25 Mar 2014 16:06:29 +0000
        • Julien PauliWed, 26 Mar 2014 09:57:58 +0000
          • Yasuo OhgakiThu, 27 Mar 2014 10:38:16 +0000
            • Andrey AndreevThu, 27 Mar 2014 12:05:57 +0000
              • Yasuo OhgakiFri, 28 Mar 2014 06:48:54 +0000
        • Yasuo OhgakiFri, 28 Mar 2014 06:54:22 +0000
          • Andrey AndreevFri, 28 Mar 2014 09:41:05 +0000
            • Yasuo OhgakiTue, 01 Apr 2014 00:59:48 +0000
              • Andrey AndreevTue, 01 Apr 2014 09:20:30 +0000
                • Yasuo OhgakiFri, 04 Apr 2014 09:48:43 +0000
                  • Andrey AndreevFri, 04 Apr 2014 10:07:56 +0000
                    • Yasuo OhgakiFri, 04 Apr 2014 22:31:37 +0000