Hi! > Probability based GC is unreliable and can reactivate very old sessions > without "Precise session management RFC" and you opposed the RFC.
You know why I opposed the RFC - because it had huge number of things packed together, some of which I agree with, some of which I disagree and some of which I agree in principle, but would like to do in other ways. I thought that the RFC would be much better to split up, and was arguing so, but you decided it is better to proceed with everything as one package, which is your right as RFC author, but it failed. So now it is time to consider it piece by piece. I think session_gc() would be a good addition, but I oppose the idea that it should be the *only* method of GC. Many sites would have hard time working with this method, either because of not having cron access or not being able to configure it correctly, and would just resort to implementing probabilistic GC anyway, introducing myriad of bugs on the way. And the fact is, for most sites probabilistic GC works nicely. Only sites that have very low traffic and very short session lifetimes would have any issue with probabilistic GC. If you have a site with 10 requests per second, and have GC with probability of 1%, then it is functionally equivalent of doing manual GC once per 10 seconds. Of course, you don't know when exactly, but a) cron doesn't exactly guarantee precise timing either and b) I do not see why it would be so important for a common application if the session is cleaned up after 10 or 12 seconds. There are other questions with regard to old sessions - but those are not very relevant to GC model so I do not discuss them here. We can discuss them separately. > Reactivating obsoleted/should be deleted session is wrong simply. > Why users shouldn't matter? I never said "users shouldn't matter", so please do not ascribe it to me. Of course users matter, that's why we are doing all this. The question is how to help them. I appreciate that you think manual GC is superior, and I fully support inclusion of that option into PHP. What I however can not support is to make this the only option, contrary to what worked in PHP for nearly two decades. I want both your opinion and opinions different from yours to be accommodated, and to that goal I propose to support both ways to do GC and let the user choose which one is best for them. -- Stas Malyshev smalys...@gmail.com -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
