[PHP-DEV] Bug #8978 Updated: Add a 'readonly' possibility to the session module

Sun, 06 Jan 2002 10:02:53 -0800 

ID: 8978
Updated by: jan
Reported By: Maxim Derkachev <[EMAIL PROTECTED]>
Old Status: Analyzed
Status: Closed
Bug Type: Feature/Change Request
Operating System: 
PHP Version: 4.0.4pl1
New Comment:

seems fixed then. reopen if I am wrong

Previous Comments:
------------------------------------------------------------------------

[2001-05-16 04:17:12] Maxim Derkachev <[EMAIL PROTECTED]>

Forgot to include the batteries :)
After the patch above is applied, one could do:
session_start(SESS_READ_ONLY);
to start a readonly session. 
Functions that supposed to write the session data (core session
functions, not actual savehandler functions) will be disabled.
On the other page, if session_start() is called without the 
SESS_READ_ONLY flag, one could get the normal fully functional session,
which will write the data. That would allow to use session in framed
pages, when one frame is allowed to change the session data and another
frames only read the data, and in many other cases. E.g. for me the
feature has become inevitable when I needed to write a support chat,
which should read session variables, but should not change them and, the
most important, it should not save them, because a client could browse
other parts of the site  (and this could affect the sesson vars) while
he is chatting with the support. Without the readonly possibility, the
new session variables could be easily rewrited by the chat script with
outdated values.

------------------------------------------------------------------------

[2001-05-16 04:02:23] Maxim Derkachev <[EMAIL PROTECTED]>

just made a patch against the current sources (session.c and
php_session.h).

*** php_session.h.orig  Tue May 15 15:16:50 2001
--- php_session.h       Tue May 15 15:23:26 2001
***************
*** 96,100 ****
--- 96,103 ----
        zend_bool define_sid;
        zend_bool use_cookies;
+       int readonly;
  } php_ps_globals;
+
+ #define SESS_READONLY 1

  extern zend_module_entry session_module_entry;
*** session.c.orig      Tue May 15 15:16:04 2001
--- session.c   Wed May 16 11:54:31 2001
***************
*** 526,529 ****
--- 526,533 ----
        PLS_FETCH();

+       if (PS(readonly)) {
+               return;
+       }
+
        if (!PG(register_globals)) {
                if (!PS(http_session_vars)) {
***************
*** 899,902 ****
--- 903,911 ----
        zend_bool retval = SUCCESS;

+       if (PS(readonly)) {
+               php_error(E_WARNING, "Trying to destroy readonly
session");
+               return FAILURE;
+       }
+
        if (PS(nr_open_sessions) == 0) {
                php_error(E_WARNING, "Trying to destroy uninitialized
session");
***************
*** 1265,1270 ****
--- 1274,1297 ----
  PHP_FUNCTION(session_start)
  {
+       pval **flag;
        PSLS_FETCH();

+       if (ZEND_NUM_ARGS() > 1)
+               WRONG_PARAM_COUNT;
+
+       if (ZEND_NUM_ARGS() == 0 ) {
+               PS(readonly) = 0;
+       }
+       if (ZEND_NUM_ARGS() == 1 && zend_get_parameters_ex(1, &flag) !=
FAILURE) {
+               convert_to_long_ex(flag);
+               if (((int) ((*flag)->value.lval)) == SESS_READONLY) {
+                       PS(readonly) = 1;
+               }
+               else {
+                       PS(readonly) = 0;
+               }
+       }
+
+
        php_session_start(PSLS_C);

***************
*** 1314,1317 ****
--- 1341,1347 ----
        PSLS_FETCH();

+       if (PS(readonly))
+               return;
+
        if (PS(nr_open_sessions) == 0)
                RETURN_FALSE;
***************
*** 1353,1356 ****
--- 1383,1388 ----
        PSLS_FETCH();

+       REGISTER_LONG_CONSTANT("SESS_READ_ONLY", SESS_READONLY,
CONST_CS);
+
        php_rinit_session_globals(PSLS_C);

***************
*** 1404,1407 ****
--- 1436,1440 ----
        PS(module_number) = module_number;
        REGISTER_INI_ENTRIES();
+       REGISTER_LONG_CONSTANT("SESS_READ_ONLY", SESS_READONLY,
CONST_CS);
        return SUCCESS;
  }






------------------------------------------------------------------------

[2001-01-29 06:21:31] Maxim Derkachev <[EMAIL PROTECTED]>

Just faced the fact that the possibility to call session 'readonly' 
should be added. 
For example, when somebody calls a framed pages where all 
frames are php scripts that needs session variables. But in this 
case only one of them should be allowed to write session state, 
because every frame would write session state in an unpredictable order,

and variables registered/changed in one frame could be overwritten 
by other frames, and that would definitely break an application. 
I suggest session_start could take an optional READONLY flag to 
disable write of the session data during the page shutdown.
The idea is similar to call page_close() on only one frame in a framed
page in PHPLib-based applications.

------------------------------------------------------------------------



Edit this bug report at http://bugs.php.net/?id=8978&edit=1


-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to