php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #69394 SessionHandler should not used previously defined save handler as its base class
Submitted: 2015-04-07 13:19 UTC Modified: 2016-08-27 06:40 UTC
From: deivid dot garcia dot garcia at gmail dot com Assigned: yohgaki (profile)
Status: Assigned Package: Session related
PHP Version: any OS: any
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2015-04-07 13:19 UTC] deivid dot garcia dot garcia at gmail dot com
Description:
------------
When using the SessionHandler class (that as per documentation wraps over the current native handler set in session.save_handler)to override the session handler with session_set_save_handler() PHP starts reporting that the session.save_handler is "user" after the override.

I can understand that this will happen when using a custom class that implements SessionHandlerInterface or directly passing custom methods to session_set_save_handler, but because we are wrapping over the underlying handler it would be better to report the original session.save_handler when doing an ini_get().

This could be further improved while keeping current behaviour if SessionHandlerInterface exposed a property or function where the Handler could report its name.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-04-09 21:13 UTC] yohgaki@php.net
-Type: Bug +Type: Feature/Change Request -Operating System: Windows +Operating System: any -PHP Version: 5.6.7 +PHP Version: any
 [2016-08-27 06:40 UTC] yohgaki@php.net
-Summary: session.save_handler incorrectly reported +Summary: SessionHandler should not used previously defined save handler as its base class -Assigned To: +Assigned To: yohgaki
 [2016-08-27 06:40 UTC] yohgaki@php.net
First of all, previously used save handler should not be used as base of SessionHandler. It's only useful to override save/write operation for encryption and/or session data serialization.

I would like to remove feature that SessionHandler object uses previous save handler as base class. 

To do that, we need "user defined serialize handler". There is implementation for this already. This feature was not implemented because of register_globals when session module is implemented.
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Sun Nov 19 01:31:42 2017 UTC