Welcome! Log In Create A New Profile

Advanced

[PHP] Cannot make use_strict_mode work with custom session handler upon 'files'

Posted by Ivan Grigoriev 
I want to implement custom session handler upon internal files handler
similar to this:
http://php.net/manual/en/class.sessionhandler.php#example-5380 (example 1).

But with session.use_strict_mode = 1.

I have been trying to test this sample code, but I can't seem to get it
to work:

---
session_module_name('files');
ini_set('session.use_strict_mode', '1');

class MySessionHandler extends SessionHandler{}
session_set_save_handler(new MySessionHandler(), true);

session_start();
var_dump(session_id());
---

After delete an existing session file and rerun script, it create new
file with the same id.

When there is no session_set_save_handler() it works as expected: new
file is created with new id.

I suppose that it is a bug, but maybe there is a solution that I can't see.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
On Fri, Mar 17, 2017 at 3:52 PM, Ivan Grigoriev <[email protected]>
wrote:

> I want to implement custom session handler upon internal files handler
> similar to this: http://php.net/manual/en/class
> .sessionhandler.php#example-5380 (example 1).
>
> But with session.use_strict_mode = 1.
>
> I have been trying to test this sample code, but I can't seem to get it to
> work:
>
> ---
> session_module_name('files');
> ini_set('session.use_strict_mode', '1');
>
> class MySessionHandler extends SessionHandler{}
> session_set_save_handler(new MySessionHandler(), true);
>
> session_start();
> var_dump(session_id());
> ---
>
> After delete an existing session file and rerun script, it create new file
> with the same id.
>
> When there is no session_set_save_handler() it works as expected: new file
> is created with new id.
>
> I suppose that it is a bug, but maybe there is a solution that I can't see.
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
On the documentation page it says: "*SessionHandler* is a special class
that can be used to expose the current internal PHP session save handler by
inheritance."

There is also a big warning box that says: "*Warning**: *This class is
designed to expose the current internal PHP session save handler, if you
want to write your own custom save handlers, please implement the
SessionHandlerInterface
http://php.net/manual/en/class.sessionhandlerinterface.php interface
instead of extending from *SessionHandler*."

http://php.net/manual/en/class.sessionhandlerinterface.php

Is what you are looking for.
18.03.2017 17:30, Aziz Saleh пишет:
> On Fri, Mar 17, 2017 at 3:52 PM, Ivan Grigoriev <[email protected]>
> wrote:
>
>> I want to implement custom session handler upon internal files handler
>> similar to this: http://php.net/manual/en/class
>> .sessionhandler.php#example-5380 (example 1).
>>
>> But with session.use_strict_mode = 1.
>>
>> I have been trying to test this sample code, but I can't seem to get it to
>> work:
>>
>> ---
>> session_module_name('files');
>> ini_set('session.use_strict_mode', '1');
>>
>> class MySessionHandler extends SessionHandler{}
>> session_set_save_handler(new MySessionHandler(), true);
>>
>> session_start();
>> var_dump(session_id());
>> ---
>>
>> After delete an existing session file and rerun script, it create new file
>> with the same id.
>>
>> When there is no session_set_save_handler() it works as expected: new file
>> is created with new id.
>>
>> I suppose that it is a bug, but maybe there is a solution that I can't see.
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
> On the documentation page it says: "*SessionHandler* is a special class
> that can be used to expose the current internal PHP session save handler by
> inheritance."
>
> There is also a big warning box that says: "*Warning**: *This class is
> designed to expose the current internal PHP session save handler, if you
> want to write your own custom save handlers, please implement the
> SessionHandlerInterface
> http://php.net/manual/en/class.sessionhandlerinterface.php interface
> instead of extending from *SessionHandler*."
>
> http://php.net/manual/en/class.sessionhandlerinterface.php
>
> Is what you are looking for.
>
What I really want that is not implement a new session handler.
I want to expose the current internal PHP session save handler (as it
is written in the warning).

And I think that what I'm writing about is a bug. If you try to test
this code
<http://php.net/manual/en/class.sessionhandler.php#example-5380>;, it
will ignore session.use_strict_mode.

Therefore, if this is so, I need some kind of confirmation, that I don't
miss anything, before send a bug report.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
17.03.2017 22:52, Ivan Grigoriev пишет:
> I want to implement custom session handler upon internal files handler
> similar to this:
> http://php.net/manual/en/class.sessionhandler.php#example-5380 (example 1).
>
> But with session.use_strict_mode = 1.
>
> I have been trying to test this sample code, but I can't seem to get it
> to work:
>
> ---
> session_module_name('files');
> ini_set('session.use_strict_mode', '1');
>
> class MySessionHandler extends SessionHandler{}
> session_set_save_handler(new MySessionHandler(), true);
>
> session_start();
> var_dump(session_id());
> ---
>
> After delete an existing session file and rerun script, it create new
> file with the same id.
>
> When there is no session_set_save_handler() it works as expected: new
> file is created with new id.
>
> I suppose that it is a bug, but maybe there is a solution that I can't see.
This is definitely a bug.
I tried to write a bug report but have no success.
https://bugs.php.net/bug.php?id=74255

This is a minimal implementation:
<?php
session_module_name('files');
ini_set('session.use_strict_mode', '1');

session_set_save_handler(new MySessionHandler(), true);

session_start();
var_dump(session_id());

class MySessionHandler extends SessionHandler
{
/**
* Getting full path to session file
*
* It's depend on internal realization of 'files' hander.
* Must be reviewed after each php release.
*/
private function getFullPathName(string $key) : string
{
if (empty($filename = session_save_path())) {
$filename = sys_get_temp_dir();
} elseif (strpos($filename, ';') !== false) {
$data = explode(';', $filename);
$count = $data[0];
$filename = end($data);
for ($i = 0; $i < $count; $i++) {
$filename .= '/' . $key[$i];
}
}
return $filename.'/sess_'.$key;
}

public function validateId($key)
{
return file_exists($this->getFullPathName($key));
}
}

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
On 25.03.2017 at 07:19, Ivan Grigoriev wrote:

> 17.03.2017 22:52, Ivan Grigoriev пишет:
>
>> I want to implement custom session handler upon internal files handler
>> similar to this:
>> http://php.net/manual/en/class.sessionhandler.php#example-5380
>> (example 1).
>>
>> But with session.use_strict_mode = 1.
>>
>> I have been trying to test this sample code, but I can't seem to get it
>> to work:
>>
>> ---
>> session_module_name('files');
>> ini_set('session.use_strict_mode', '1');
>>
>> class MySessionHandler extends SessionHandler{}
>> session_set_save_handler(new MySessionHandler(), true);
>>
>> session_start();
>> var_dump(session_id());
>> ---
>>
>> After delete an existing session file and rerun script, it create new
>> file with the same id.
>>
>> When there is no session_set_save_handler() it works as expected: new
>> file is created with new id.
>>
>> I suppose that it is a bug, but maybe there is a solution that I can't
>> see.
>
> This is definitely a bug.
> I tried to write a bug report but have no success.
> https://bugs.php.net/bug.php?id=74255

Have you tried implementing ::validate_sid(); see
<https://github.com/php/php-src/blob/6053987bc27e8dede37f437193a5cad448f99bce/ext/session/tests/session_set_save_handler_class_018.phpt#L61-L63>;.

>
> This is a minimal implementation:
> <?php
> session_module_name('files');
> ini_set('session.use_strict_mode', '1');
>
> session_set_save_handler(new MySessionHandler(), true);
>
> session_start();
> var_dump(session_id());
>
> class MySessionHandler extends SessionHandler
> {
> /**
> * Getting full path to session file
> *
> * It's depend on internal realization of 'files' hander.
> * Must be reviewed after each php release.
> */
> private function getFullPathName(string $key) : string
> {
> if (empty($filename = session_save_path())) {
> $filename = sys_get_temp_dir();
> } elseif (strpos($filename, ';') !== false) {
> $data = explode(';', $filename);
> $count = $data[0];
> $filename = end($data);
> for ($i = 0; $i < $count; $i++) {
> $filename .= '/' . $key[$i];
> }
> }
> return $filename.'/sess_'.$key;
> }
>
> public function validateId($key)
> {
> return file_exists($this->getFullPathName($key));
> }
> }

--
Christoph M. Becker

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
25.03.2017 13:17, Christoph M. Becker пишет:
>
> Have you tried implementing ::validate_sid(); see
> <https://github.com/php/php-src/blob/6053987bc27e8dede37f437193a5cad448f99bce/ext/session/tests/session_set_save_handler_class_018.phpt#L61-L63>;.
>
Sorry. It dosn't work at all.
This test successes only if file u_sess_PHPSESSIDmy_sid exists.
If you run only this test, it fails.

You will never get into ::validate_sid() function.
You have to use ::validateId() instead.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Sorry, only registered users may post in this forum.

Click here to login