PHP RFC: Fix handling of custom session handler return values

• Version: 1.0
• Date: 2014-05-15
• Author: Sara Golemon, pollita@php.net
• Status: Implemented (PHP 7.0)
• First Published at: http://wiki.php.net/rfc/session.user.return-value

The logic in ext/session/mod_user.c is just plain wrong.

http://us2.php.net/session_set_save_handler

• “[For all callback functions] Return value is TRUE for success, FALSE for failure.”

Yet in ext/session/mod_user.c:

 PS_FUNC(user) {
  /* blah blah */
  zval *retval = ps_call_handler(PSF(func), argc, argc);
  if (retval) {
     convert_to_long(retval);
     return Z_LVAL_P(retval);
  }
  return FAILURE;
}

Remembering that SUCCESS == 0, and FAILURE == -1

So what does that mean for return values?

• return false => return (int)false => return 0 => return SUCCESS
• return true => return (int)true) => return 1 => return NeitherSUCCESSnorFAILURE

Change the FINISH macro in session.c to map true to SUCCESS, false to FAILURE, warn (and fail) for integer -1, and warn (but succeed) for anything else.

• Anyone currently returning -1 for failure (because that's what ends up working as expected) now gets a warning.
• Anyone returning false for failure now actually goes down the failure path (and this might be unexpected due to how long this has been wrong).

Either 5.next (5.7?) or phpng due to the age of this bug.

Fix custom session save handler using the patch as written
Real name	Yes	No
aharvey
bwoebi
kassner
levim
mike
oaass
pollita
stas
treffynnon
tyrael
Final result:	10	0
This poll has been closed.

Which version?
Real name	5.6 or later	5.7 or later	6.0 or later
aharvey
auroraeosrose
bwoebi
fmk
kassner
levim
mike
oaass
pollita
stas
treffynnon
tyrael
Final result:	0	9	3
This poll has been closed.

Voting Opened Jun 10, 2014 Voting Closes Jun 24, 2014

• https://github.com/sgolemon/php-src/compare/session.user.return-value?expand=1