archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 21:48:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

session: Deprecate session.sid_length and session.sid_bits_per_character (#15213)

Browse source 
RFC: https://wiki.php.net/rfc/deprecations_php_8_4
This commit is contained in:
Tim Düsterhus 2024-08-04 18:25:31 +02:00 committed by GitHub
parent f5f9294153
commit e8ff7c70f9
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
7 changed files with 23 additions and 44 deletions
Download patch file Download diff file Expand all files Collapse all files

4
NEWS
View file

@ -17,6 +17,10 @@ PHP NEWS
- Random: - Random:
. lcg_value() is now deprecated. (timwolla) . lcg_value() is now deprecated. (timwolla)
- Session:
. INI settings session.sid_length and session.sid_bits_per_character are now
deprecated. (timwolla)
- Standard: - Standard:
. Unserializing the uppercase 'S' tag is now deprecated. (timwolla) . Unserializing the uppercase 'S' tag is now deprecated. (timwolla)

4
UPGRADING
View file

@ -446,6 +446,10 @@ PHP 8.4 UPGRADE NOTES
- Session: - Session:
. Calling session_set_save_handler() with more than 2 arguments is . Calling session_set_save_handler() with more than 2 arguments is
deprecated. Use the 2-parameter signature instead. deprecated. Use the 2-parameter signature instead.
. Changing the INI settings session.sid_length and session.sid_bits_per_character
is deprecated. Update the session storage backend to accept 32 character
hexadecimal session IDs and stop changing these two INI settings.
RFC: https://wiki.php.net/rfc/deprecations_php_8_4
- Standard: - Standard:
. Calling stream_context_set_option() with 2 arguments is deprecated. . Calling stream_context_set_option() with 2 arguments is deprecated.

6
ext/session/session.c
View file

@ -751,6 +751,9 @@ static PHP_INI_MH(OnUpdateSidLength) /* {{{ */
SESSION_CHECK_ACTIVE_STATE; SESSION_CHECK_ACTIVE_STATE;
SESSION_CHECK_OUTPUT_STATE; SESSION_CHECK_OUTPUT_STATE;
val = ZEND_STRTOL(ZSTR_VAL(new_value), &endptr, 10); val = ZEND_STRTOL(ZSTR_VAL(new_value), &endptr, 10);
if (val != 32) {
zend_error(E_DEPRECATED, "session.sid_length INI setting is deprecated");
}
if (endptr && (*endptr == '\0') if (endptr && (*endptr == '\0')
&& val >= 22 && val <= PS_MAX_SID_LENGTH) { && val >= 22 && val <= PS_MAX_SID_LENGTH) {
/* Numeric value */ /* Numeric value */
@ -771,6 +774,9 @@ static PHP_INI_MH(OnUpdateSidBits) /* {{{ */
SESSION_CHECK_ACTIVE_STATE; SESSION_CHECK_ACTIVE_STATE;
SESSION_CHECK_OUTPUT_STATE; SESSION_CHECK_OUTPUT_STATE;
val = ZEND_STRTOL(ZSTR_VAL(new_value), &endptr, 10); val = ZEND_STRTOL(ZSTR_VAL(new_value), &endptr, 10);
if (val != 4) {
zend_error(E_DEPRECATED, "session.sid_bits_per_character INI setting is deprecated");
}
if (endptr && (*endptr == '\0') if (endptr && (*endptr == '\0')
&& val >= 4 && val <=6) { && val >= 4 && val <=6) {
/* Numeric value */ /* Numeric value */

1
ext/session/tests/bug68063.phpt
View file

@ -22,5 +22,6 @@ var_dump(session_start());
var_dump(session_id()); var_dump(session_id());
?> ?>
--EXPECTF-- --EXPECTF--
Deprecated: session.sid_length INI setting is deprecated in Unknown on line 0
bool(true) bool(true)
string(40) "%s" string(40) "%s"

10
ext/session/tests/session_id_basic2.phpt
View file

@ -11,13 +11,13 @@ ob_start();
echo "*** Testing session_id() : basic functionality ***\n"; echo "*** Testing session_id() : basic functionality ***\n";
ini_set('session.sid_bits_per_chracter', 6); ini_set('session.sid_bits_per_character', 6);
ini_set('session.sid_length', 120); ini_set('session.sid_length', 120);
session_start(); session_start();
var_dump(session_id()); var_dump(session_id());
session_commit(); session_commit();
ini_set('session.sid_bits_per_chracter', 4); ini_set('session.sid_bits_per_character', 4);
ini_set('session.sid_length', 22); ini_set('session.sid_length', 22);
session_start(); session_start();
session_regenerate_id(); session_regenerate_id();
@ -28,6 +28,12 @@ echo "Done";
?> ?>
--EXPECTF-- --EXPECTF--
*** Testing session_id() : basic functionality *** *** Testing session_id() : basic functionality ***
Deprecated: session.sid_bits_per_character INI setting is deprecated in %s on line %d
Deprecated: session.sid_length INI setting is deprecated in %s on line %d
string(120) "%s" string(120) "%s"
Deprecated: session.sid_length INI setting is deprecated in %s on line %d
string(22) "%s" string(22) "%s"
Done Done

21
php.ini-development
View file

@ -1422,15 +1422,6 @@ session.cache_expire = 180
; https://php.net/session.use-trans-sid ; https://php.net/session.use-trans-sid
session.use_trans_sid = 0 session.use_trans_sid = 0
; Set session ID character length. This value could be between 22 to 256.
; Shorter length than default is supported only for compatibility reason.
; Users should use 32 or more chars.
; https://php.net/session.sid-length
; Default Value: 32
; Development Value: 26
; Production Value: 26
session.sid_length = 26
; The URL rewriter will look for URLs in a defined set of HTML tags. ; The URL rewriter will look for URLs in a defined set of HTML tags.
; <form> is special; if you include them here, the rewriter will ; <form> is special; if you include them here, the rewriter will
; add a hidden <input> field with the info which is otherwise appended ; add a hidden <input> field with the info which is otherwise appended
@ -1456,18 +1447,6 @@ session.trans_sid_tags = "a=href,area=href,frame=src,form="
; Production Value: "" ; Production Value: ""
;session.trans_sid_hosts="" ;session.trans_sid_hosts=""
; Define how many bits are stored in each character when converting
; the binary hash data to something readable.
; Possible values:
; 4 (4 bits: 0-9, a-f)
; 5 (5 bits: 0-9, a-v)
; 6 (6 bits: 0-9, a-z, A-Z, "-", ",")
; Default Value: 4
; Development Value: 5
; Production Value: 5
; https://php.net/session.hash-bits-per-character
session.sid_bits_per_character = 5
; Enable upload progress tracking in $_SESSION ; Enable upload progress tracking in $_SESSION
; Default Value: On ; Default Value: On
; Development Value: On ; Development Value: On

21
php.ini-production
View file

@ -1424,15 +1424,6 @@ session.cache_expire = 180
; https://php.net/session.use-trans-sid ; https://php.net/session.use-trans-sid
session.use_trans_sid = 0 session.use_trans_sid = 0
; Set session ID character length. This value could be between 22 to 256.
; Shorter length than default is supported only for compatibility reason.
; Users should use 32 or more chars.
; https://php.net/session.sid-length
; Default Value: 32
; Development Value: 26
; Production Value: 26
session.sid_length = 26
; The URL rewriter will look for URLs in a defined set of HTML tags. ; The URL rewriter will look for URLs in a defined set of HTML tags.
; <form> is special; if you include them here, the rewriter will ; <form> is special; if you include them here, the rewriter will
; add a hidden <input> field with the info which is otherwise appended ; add a hidden <input> field with the info which is otherwise appended
@ -1458,18 +1449,6 @@ session.trans_sid_tags = "a=href,area=href,frame=src,form="
; Production Value: "" ; Production Value: ""
;session.trans_sid_hosts="" ;session.trans_sid_hosts=""
; Define how many bits are stored in each character when converting
; the binary hash data to something readable.
; Possible values:
; 4 (4 bits: 0-9, a-f)
; 5 (5 bits: 0-9, a-v)
; 6 (6 bits: 0-9, a-z, A-Z, "-", ",")
; Default Value: 4
; Development Value: 5
; Production Value: 5
; https://php.net/session.hash-bits-per-character
session.sid_bits_per_character = 5
; Enable upload progress tracking in $_SESSION ; Enable upload progress tracking in $_SESSION
; Default Value: On ; Default Value: On
; Development Value: On ; Development Value: On