Re: [phplib] Session IV From: Maxim Derkachev (max.derkachev <email protected>)
Date: 05/30/01

Hi everybody.

Wednesday, May 30, 2001, 6:57:03 PM, Ulf Wendel wrote:

UW> "Session IV ... the never ending story" or "Battlefight against cookies"
:)

UW> I personally had not problems yet with transparently switching to the
UW> new classes.
The main differences that everyone who intend to use those classes
should note, is how auto_init is now used and how page_close() is NOT
used.
The first one. In Session3 (I'll call it so) there were $in property
that was used as a marker, did auto_init file was used at the very first
session startup or not. $in was registered with the session, so if $in was
set to true, it would be set to true also on subsequent session calls,
and auto_init file would not be included anymore.
Now we have different situation. With the new mechanism of native PHP4
variable registration with the session, it is impossible to register
sole class property without registering the whole class. I guess I
don't need to explain why we don't need to register Session class with
the session :) That means that auto_init file is included at EVERY
hit.
So, the best way to avoid trouble when some stuff from auto_init
should be executed only once during the session, the stuff should be
tested with is_registered() first. I assume the best place for those
checks is the auto_init file itself. The other way is to use some
external marker, and hack the page.inc.

The second one. You don't need to call page_close() anymore, if you
don't use User class or something else that would need page_close() to
function.
The bad side of it that you can not make the session read-only by not
calling page_close(). The problem could be easily solved when you use
Session_Custom by introducing a flag, say, $readonly, and check its
value in freeze(). You'll have to hack freeze() so it could respect
$readonly value and don't call ac_store() (even better, it should
return true at the very first line if $readonly == true). Sorry, but
you can not do so while using PHP's standard storage.
The better way is to change the PHP session module behavior itself, by
passing a readonly flag to the session_start(), so the core functions
that write the state could see it and refused to write anything if the
readonly flag is set. I've posted a feature request in January, but it
is still nowhere. The history is at http://www.php.net/bugs.php?id=8978.
You can also find a patch there made by me that could provide such a
functionality (quite usable for me). If it merged into PHP CVS, some
hacks that make read-only session possible with Session4 classes will
appear at PHPLib CVS. 

-- 
Best regards,
Maxim Derkachev mailto:max.derkachev <email protected>
System administrator & programmer,
Symbol-Plus Publishing Ltd.
phone: +7 (812) 324-53-53
www.books.ru, www.symbol.ru 

---------------------------------------------------------------------
To unsubscribe, e-mail: phplib-unsubscribe <email protected>
For additional commands, e-mail: phplib-help <email protected>