[PHP-DEV] Bug #8978 Updated: Add a 'readonly' possibility to the session module
ID: 8978
User Update by: Maxim Derkachev <[EMAIL PROTECTED]>
Status: Analyzed
Bug Type: Feature/Change Request
Operating system:
PHP Version: 4.0.4pl1
Description: Add a 'readonly' possibility to the session module
Forgot to include the batteries :)
After the patch above is applied, one could do:
session_start(SESS_READ_ONLY);
to start a readonly session.
Functions that supposed to write the session data (core session functions, not actual
savehandler functions) will be disabled.
On the other page, if session_start() is called without the SESS_READ_ONLY flag, one
could get the normal fully functional session, which will write the data. That would
allow to use session in framed pages, when one frame is allowed to change the session
data and another frames only read the data, and in many other cases. E.g. for me the
feature has become inevitable when I needed to write a support chat, which should read
session variables, but should not change them and, the most important, it should not
save them, because a client could browse other parts of the site (and this could
affect the sesson vars) while he is chatting with the support. Without the readonly
possibility, the new session variables could be easily rewrited by the chat script
with outdated values.
Previous Comments:
---
[2001-05-16 04:02:23] Maxim Derkachev <[EMAIL PROTECTED]>
just made a patch against the current sources (session.c and php_session.h).
*** php_session.h.orig Tue May 15 15:16:50 2001
--- php_session.h Tue May 15 15:23:26 2001
***
*** 96,100
--- 96,103
zend_bool define_sid;
zend_bool use_cookies;
+ int readonly;
} php_ps_globals;
+
+ #define SESS_READONLY 1
extern zend_module_entry session_module_entry;
*** session.c.orig Tue May 15 15:16:04 2001
--- session.c Wed May 16 11:54:31 2001
***
*** 526,529
--- 526,533
PLS_FETCH();
+ if (PS(readonly)) {
+ return;
+ }
+
if (!PG(register_globals)) {
if (!PS(http_session_vars)) {
***
*** 899,902
--- 903,911
zend_bool retval = SUCCESS;
+ if (PS(readonly)) {
+ php_error(E_WARNING, "Trying to destroy readonly session");
+ return FAILURE;
+ }
+
if (PS(nr_open_sessions) == 0) {
php_error(E_WARNING, "Trying to destroy uninitialized session");
***
*** 1265,1270
--- 1274,1297
PHP_FUNCTION(session_start)
{
+ pval **flag;
PSLS_FETCH();
+ if (ZEND_NUM_ARGS() > 1)
+ WRONG_PARAM_COUNT;
+
+ if (ZEND_NUM_ARGS() == 0 ) {
+ PS(readonly) = 0;
+ }
+ if (ZEND_NUM_ARGS() == 1 && zend_get_parameters_ex(1, &flag) != FAILURE) {
+ convert_to_long_ex(flag);
+ if (((int) ((*flag)->value.lval)) == SESS_READONLY) {
+ PS(readonly) = 1;
+ }
+ else {
+ PS(readonly) = 0;
+ }
+ }
+
+
php_session_start(PSLS_C);
***
*** 1314,1317
--- 1341,1347
PSLS_FETCH();
+ if (PS(readonly))
+ return;
+
if (PS(nr_open_sessions) == 0)
RETURN_FALSE;
***
*** 1353,1356
--- 1383,1388
PSLS_FETCH();
+ REGISTER_LONG_CONSTANT("SESS_READ_ONLY", SESS_READONLY, CONST_CS);
+
php_rinit_session_globals(PSLS_C);
***
*** 1404,1407
--- 1436,1440
PS(module_number) = module_number;
REGISTER_INI_ENTRIES();
+ REGISTER_LONG_CONSTANT("SESS_READ_ONLY", SESS_READONLY, CONST_CS);
return SUCCESS;
}
-------
[2001-01-29 06:21:31] Maxim Derkachev <[EMAIL PROTECTED]>
Just faced the fact that the possibility to call session 'readonly'
should be added.
For example, when somebody calls a framed pages where all
frames are php scripts that needs session variables. But in this
case only one of them should be allowed to write session state,
because every frame would write session state in an unpredictable order,
and variables registered/changed in one frame could be overwritten
by other frames, and that would definitely break an application.
I suggest session_start could take an optional READONLY flag to
disable write of the session data during the page shutdown.
The idea is similar to call page_close() on only one frame in a framed page in
PHPLib-based applications.
---
Full Bug description available at: http://
[PHP-DEV] Bug #8978 Updated: Add a 'readonly' possibility to the session module
ID: 8978
User Update by: Maxim Derkachev <[EMAIL PROTECTED]>
Status: Analyzed
Bug Type: Feature/Change Request
Operating system:
PHP Version: 4.0.4pl1
Description: Add a 'readonly' possibility to the session module
just made a patch against the current sources (session.c and php_session.h).
*** php_session.h.orig Tue May 15 15:16:50 2001
--- php_session.h Tue May 15 15:23:26 2001
***
*** 96,100
--- 96,103
zend_bool define_sid;
zend_bool use_cookies;
+ int readonly;
} php_ps_globals;
+
+ #define SESS_READONLY 1
extern zend_module_entry session_module_entry;
*** session.c.orig Tue May 15 15:16:04 2001
--- session.c Wed May 16 11:54:31 2001
***
*** 526,529
--- 526,533
PLS_FETCH();
+ if (PS(readonly)) {
+ return;
+ }
+
if (!PG(register_globals)) {
if (!PS(http_session_vars)) {
***
*** 899,902
--- 903,911
zend_bool retval = SUCCESS;
+ if (PS(readonly)) {
+ php_error(E_WARNING, "Trying to destroy readonly session");
+ return FAILURE;
+ }
+
if (PS(nr_open_sessions) == 0) {
php_error(E_WARNING, "Trying to destroy uninitialized session");
***
*** 1265,1270
--- 1274,1297
PHP_FUNCTION(session_start)
{
+ pval **flag;
PSLS_FETCH();
+ if (ZEND_NUM_ARGS() > 1)
+ WRONG_PARAM_COUNT;
+
+ if (ZEND_NUM_ARGS() == 0 ) {
+ PS(readonly) = 0;
+ }
+ if (ZEND_NUM_ARGS() == 1 && zend_get_parameters_ex(1, &flag) != FAILURE) {
+ convert_to_long_ex(flag);
+ if (((int) ((*flag)->value.lval)) == SESS_READONLY) {
+ PS(readonly) = 1;
+ }
+ else {
+ PS(readonly) = 0;
+ }
+ }
+
+
php_session_start(PSLS_C);
***
*** 1314,1317
--- 1341,1347
PSLS_FETCH();
+ if (PS(readonly))
+ return;
+
if (PS(nr_open_sessions) == 0)
RETURN_FALSE;
***
*** 1353,1356
--- 1383,1388
PSLS_FETCH();
+ REGISTER_LONG_CONSTANT("SESS_READ_ONLY", SESS_READONLY, CONST_CS);
+
php_rinit_session_globals(PSLS_C);
***
*** 1404,1407
--- 1436,1440
PS(module_number) = module_number;
REGISTER_INI_ENTRIES();
+ REGISTER_LONG_CONSTANT("SESS_READ_ONLY", SESS_READONLY, CONST_CS);
return SUCCESS;
}
Previous Comments:
-------
[2001-01-29 06:21:31] Maxim Derkachev <[EMAIL PROTECTED]>
Just faced the fact that the possibility to call session 'readonly'
should be added.
For example, when somebody calls a framed pages where all
frames are php scripts that needs session variables. But in this
case only one of them should be allowed to write session state,
because every frame would write session state in an unpredictable order,
and variables registered/changed in one frame could be overwritten
by other frames, and that would definitely break an application.
I suggest session_start could take an optional READONLY flag to
disable write of the session data during the page shutdown.
The idea is similar to call page_close() on only one frame in a framed page in
PHPLib-based applications.
---
Full Bug description available at: http://bugs.php.net/?id=8978
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] PHP 4.0 Bug #8978: Add a 'readonly' possibility to the session module
From: Maxim Derkachev <[EMAIL PROTECTED]> Operating system: PHP version: 4.0.4pl1 PHP Bug Type: Feature/Change Request Bug description: Add a 'readonly' possibility to the session module Just faced the fact that the possibility to call session 'readonly' should be added. For example, when somebody calls a framed pages where all frames are php scripts that needs session variables. But in this case only one of them should be allowed to write session state, because every frame would write session state in an unpredictable order, and variables registered/changed in one frame could be overwritten by other frames, and that would definitely break an application. I suggest session_start could take an optional READONLY flag to disable write of the session data during the page shutdown. The idea is similar to call page_close() on only one frame in a framed page in PHPLib-based applications. -- Edit Bug report at: http://bugs.php.net/?id=8978&edit=1 -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
