On Wed, Apr 15, 2009 at 1:12 PM, A.L.E.C <[email protected]> wrote: > Robin Elfrink wrote: > >>> your patch is not fixing race condition >> >> I think it does. This is what I observed (chronologically): >> What I did is merge existing session data with new session data, instead >> of overwriting. > > My mistake, I've read the patch more precise now. I think it could fix > some issues. One thing, rcube_sess_unset() and rcube_sess_write() are > not atomic (should we use SELECT FOR UPDATE?). > >> php's unserialize() doesn't handle the >> 'name|serializeddata;othername|serializeddata;' structure. > > I see now, it's needed for data merging. session_real_decode() from > comments to http://php.net/manual/en/function.session-decode.php should > be better.
+1 -- using that as well on another project. _______________________________________________ List info: http://lists.roundcube.net/dev/
