php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #66615 session_set_save_handler() with object is broken
Submitted: 2014-01-31 06:22 UTC Modified: 2016-01-15 21:55 UTC
From: yohgaki@php.net Assigned: yohgaki (profile)
Status: Closed Package: Session related
PHP Version: Irrelevant OS: *
Private report: No CVE-ID: None
 [2014-01-31 06:22 UTC] yohgaki@php.net
Description:
------------
It's simple not working at all since it is calling PS(defult_mod) functions rather than registered user functions.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-01-31 06:22 UTC] yohgaki@php.net
-Assigned To: +Assigned To: yohgaki
 [2014-01-31 06:22 UTC] yohgaki@php.net
-Status: Assigned +Status: Open
 [2014-01-31 09:28 UTC] yohgaki@php.net
It should be fixed to check all required methods are implemented or not.

It should not call simply call old save handler functions essentially when it's a module provided functions. It does not make sense at all to call module save handler.

Current implementation can use some what like class inheritance, e.g. call previously set save handler, I don't know users are using this behavior. For example,

session_set_save_handler($myBaseSessionHandler);
session_set_save_handler($myExtenedSessionHandler);
session_start()

Rather than this. User should use class inheritance

class myExtendedSessionHandler extends myBaseSessionHandler {}

Not like inheritance, when nest level is more than 1, ancestor class method is not called.

session_set_save_handler($BaseSessionHandler); // Useless
session_set_save_handler($myBaseSessionHandler);
session_set_save_handler($myExtenedSessionHandler);
session_start()

It's better to remove this behavior. IMO.
 [2014-01-31 09:39 UTC] yohgaki@php.net
I wander why current implementation does not check implemented interfaces.
 [2015-02-03 06:53 UTC] yohgaki@php.net
-Type: Bug +Type: Feature/Change Request
 [2016-01-15 21:55 UTC] yohgaki@php.net
-Status: Assigned +Status: Closed
 [2016-01-15 21:55 UTC] yohgaki@php.net
I made session module abuse harder. Closed.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 10:01:26 2024 UTC