Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 8c71454

Browse files
fabpotfabpot
committed
bug #10908 [HttpFoundation] implement session locking for PDO (Tobion)
This PR was merged into the 2.3 branch. Discussion ---------- [HttpFoundation] implement session locking for PDO | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #4976 for PDO | License | MIT This is probably the first Session Handler for databases that actually works with locking. I've seen many implementations of session handlers (mostly only for one database vendor) while researching and none used locking. Not even the [PHPs SQLite session handler](https://github.com/php/php-src/blob/PHP-5.3/ext/sqlite/sess_sqlite.c) or [PECL Postgres Handler](http://svn.php.net/viewvc/pecl/session_pgsql/trunk/session_pgsql.c?revision=326806&view=markup) implemented locking correctly which is probably the reason why they have been discontinued. [Zend Session](https://github.com/zendframework/zf2/blob/master/library/Zend/Session/SaveHandler/DbTableGateway.php) seems not to use locking either. But it saves the lifetime together with the session which seems like a good idea because you could have different lifetimes for different sessions. - Implements session locking for MySQL, Postgres, Oracle, SQL Server and SQLite. Only tested it for MySQL. So would be good if someone can confirm it works as intended on the other databases as well. - Also removed the custom RuntimeException which is not useful and a PDOException extends RuntimeException anyway, so no BC break. - I added a default for the table name to be in line with the DoctrineSessionHandler. - Check session.gc_maxlifetime in read(). Imagine we have only ever one user on an app. If maxlifetime is not checked in read, his session would never expire! What I don't get is why PHP calls gc() after read() instead of calling it before... Strange decision. For this reason I also had to do the following to improve performance. - I delay gc() to close() so that it is executed outside the transactional and blocking read-write process. This way, pruning expired sessions does not block them from being started while the current session is used. - Fixed time update for Oracle and SQL Server. Commits ------- 50ec828 [HttpFoundation] implement session locking for PDO
2 parents 735e9a4 + 50ec828 commit 8c71454

File tree

3 files changed

+327
-115
lines changed

3 files changed

+327
-115
lines changed

src/Symfony/Component/HttpFoundation/Resources/stubs/SessionHandlerInterface.php

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,13 +12,22 @@
1212
/**
1313
* SessionHandlerInterface for PHP < 5.4
1414
*
15+
* The order in which these methods are invoked by PHP are:
16+
* 1. open [session_start]
17+
* 2. read
18+
* 3. gc [optional depending on probability settings: gc_probability / gc_divisor]
19+
* 4. destroy [optional when session_regenerate_id(true) is used]
20+
* 5. write [session_write_close] or destroy [session_destroy]
21+
* 6. close
22+
*
1523
* Extensive documentation can be found at php.net, see links:
1624
*
1725
* @see http://php.net/sessionhandlerinterface
1826
* @see http://php.net/session.customhandler
1927
* @see http://php.net/session-set-save-handler
2028
*
2129
* @author Drak <[email protected]>
30+
* @author Tobias Schultze <http://tobion.de>
2231
*/
2332
interface SessionHandlerInterface
2433
{
@@ -57,6 +66,9 @@ public function read($sessionId);
5766
/**
5867
* Writes the session data to the storage.
5968
*
69+
* Care, the session ID passed to write() can be different from the one previously
70+
* received in read() when the session ID changed due to session_regenerate_id().
71+
*
6072
* @see http://php.net/sessionhandlerinterface.write
6173
*
6274
* @param string $sessionId Session ID , see http://php.net/function.session-id

0 commit comments

Comments
 (0)