> With PHP 4.3, it finally becomes possible to completely
> manage session variables without any dedicated functions.
> Just set or unset variables in $_SESSION and you are done
> with it. It could not be any easier.
And that's very nice. I have no argument with that.
> The streamlining of the serialization process also has
> another advantage -- the extension will notify developers
> that their script might be indeterministic.
>
> How? you ask. Imagine a section of code which intents to
> change a session variable. At the first execution, setting
> the global works. But when the section of code is run again,
> the exact same code will silently fail.[1]
request #1:
session_register('c');
$c = 3;
request #2:
session_register('c');
$c = 4;
This is the exact same code run twice. It works exactly the same both
times. Where is the silent failure?
> You have observed correctly that application developers have
> noticed that disabling register_globals has an effect on
> their session usage. Those developers have appropiately
> changed their applications to read from and write to
> $_SESSION.
Not necessarily. Many have changed their applications to read from
$_SESSION but have not changed how they create their session vars
initially. Nor should they have to in my opinion.
> Now I ask you: Why should the same set of developers be
> afraid or incapable of making their scripts more reliable and
> not complete this transition?
They probably should, but I see no reason to break their existing code
without a really good reason. You have yet to give a really good reason.
-Rasmus
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
