If the previous value of session.name was NULL then any call to
session_name($string) would result in a segmentation fault.
This changes the behaviour to set the value of session.name to
"PHPSESSID" if a blank value is given in php.ini or via -d on the
command line. There is already protection against setting it to NULL via
session_name() or ini_set().
Request #25630
Request #43980
Request #54383
Bug #65359
and many others similar to these that are closed as "wont fix" or
"not a bug".
Current serializers have limitations due to register_globals support
that are no longer supported. Changing existing serializer may cause
compatibility issue. Therefore, new handler is needed to remove
needless limitations.
php_serialize does not have special characters and allow numerical
index in $_SESSION. $_SESSION can be used as ordinary array.
* PHP-5.4:
Fixed mysql tests parsing phpinfo()
Update NEWS
Fixed bug #35703: when session_name("123") consist only digits, should warning
Fixed bug #49175: mod_files.sh does not support hash bits
When uploading multiple files, the array in the session where the progress
data is stored (and cancel_upload key is set) was overwritten whenever the
progress data was updated, so pending uploads would proceed anyway.
Creates a new SessionIdInterface and moves create_sid() into it, so existing
handlers implementing SessionHandlerInterface don't require create_sid().
SessionHandler still includes the method so the default mod can be called, but
now implements both interfaces.
Also added several more tests for this feature.
Allows user session handlers to create session IDs by adding an optional
7th argument to session_set_save_handler() and a create_sid() method
to SessionHandler.
* Amended existing tests to cater for new functionality.
* Implemented fixes and optimisations recommended by NikiC
* Added create_sid to the registered interface. This was breaking
tests. It also now breaks BC for people implementing the interface
directly instead of extending the class.
A lot of code already existed to allow a custom create_sid handler, but
lacked a specific implementation.
Therefore I have added a 7th (optional) argument
session_set_save_handler, to allow a user function to be supplied for
session id generation.
If a create_sid function is not supplied, the default function is
called in its absence to preserve backwards compatibility.
Likewise create_sid only added to SessionHandler class, and not the
interface to maintain backwards compatibility. If the result is not
overridden, the default is called.
