Robin Elfrink wrote: >> your patch is not fixing race condition > > I think it does. This is what I observed (chronologically): > What I did is merge existing session data with new session data, instead > of overwriting.
My mistake, I've read the patch more precise now. I think it could fix some issues. One thing, rcube_sess_unset() and rcube_sess_write() are not atomic (should we use SELECT FOR UPDATE?). > php's unserialize() doesn't handle the > 'name|serializeddata;othername|serializeddata;' structure. I see now, it's needed for data merging. session_real_decode() from comments to http://php.net/manual/en/function.session-decode.php should be better. -- Aleksander 'A.L.E.C' Machniak http://alec.pl gg:2275252 LAN Management System Developer http://lms.org.pl Roundcube Webmail Project Developer http://roundcube.net _______________________________________________ List info: http://lists.roundcube.net/dev/
