Hi,
looks like you have put a lot of work into this one :-)
Thanks for keeping up the work on the session module.
> - Crashes are caused by invlaid save_path, invalid
> session id name, return value from user defined session function.
> There may be other crashes observed that I don't know.
It is not apparent from either your description or the patch
which issue caused the above behaviour. Please elaborate.
If you are just referring to the unconditional freeing of val
as returned from the read handler, I disagree that it should be
conditional. A handler should return an empty string in that
case. Segfaulting is ok, because that will alert the
author of the module to fix his code and thus will improve
code quality.
> - Broken mm save handler.
Your patch to mod_mm.c always returns SUCCESS, even if the
operation fails. That's pointless, the caller function
checks for that return value. I also disagree with not
stopping script execution, if the session module startup
fails. Every script which is based upon sessions completely
depends on them. Execution shall halt, if such a fatal error
is encountered.
> - Sticky session module name
Please elaborate.. AFAICT, the call to alter_ini is the same.
> - Change error level for failure to open session.
> (E_ERROR -> E_WARNING)
See above.
> - Dead lock with files handler
Not needed.. the code checks for data->fd < 0 which is a more
subtle way for explicit error reporting.
> - Prevent calling session_name() and session_set_cookie_parameter()
> once session is started. It doesn't work after session is started,
> anyways.
> - Prevent to set module name after session is started. (This causes
> dead lock with files hadler. It may do something bad for other save
> handlers also. It should be prevented, IMO.)
Good. There is a bogus error message in the cache_limiter
code.
- Sascha Experience IRCG
http://schumann.cx/ http://schumann.cx/ircg
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
