Merge branch 'PHP-8.1' into PHP-8.2

* PHP-8.1:
  Fix GH-9583: session_create_id() fails with user defined save handler that doesn't have a validateId() method

NEWS

@@ -21,6 +21,8 @@ PHP                                                                        NEWS
 - Session:
   . Fixed GH-9584 (Avoid memory corruption when not unregistering custom session
     handler). (ilutov)
+  . Fixed bug GH-9583 (session_create_id() fails with user defined save handler
+      that doesn't have a validateId() method). (Girgias)
 
 - Standard:
   . Revert "Fixed parse_url(): can not recognize port without scheme."

ext/session/session.c

@@ -1068,8 +1068,9 @@ PHPAPI zend_result php_session_register_module(const ps_module *ptr) /* {{{ */
 /* }}} */
 
 /* Dummy PS module function */
+/* We consider any ID valid, so we return FAILURE to indicate that a session doesn't exist */
 PHPAPI zend_result php_session_validate_sid(PS_VALIDATE_SID_ARGS) {
-	return SUCCESS;
+	return FAILURE;
 }
 
 /* Dummy PS module function */

ext/session/tests/gh9583.phpt

@@ -0,0 +1,45 @@
+--TEST--
+GH-9583: session_create_id() fails with user defined save handler that doesn't have a validateId() method
+--EXTENSIONS--
+session
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--FILE--
+<?php
+
+class SessionHandlerTester implements \SessionHandlerInterface
+{
+
+    public function close(): bool { return true; }
+
+    public function destroy($id): bool { return true; }
+
+    public function gc($max_lifetime): int|false { return 1; }
+
+    public function open($path, $name): bool { return true; }
+
+    public function read($id): string { return ''; }
+
+    public function write($id, $data): bool { return true; }
+
+    //public function create_sid() { return uniqid(); }
+
+    //public function validateId($key) { return true; }
+}
+
+$obj = new SessionHandlerTester();
+ini_set('session.use_strict_mode','1');
+session_set_save_handler($obj);
+session_start();
+
+echo "\nvalidateId() ".(method_exists($obj,'validateId')?('returns '.($obj->validateId(1)?'true':'false')):'is commented out');
+echo "\n";
+$sessionId = session_create_id();
+echo "\nSession ID:".$sessionId;
+echo "\n";
+
+?>
+--EXPECTF--
+validateId() is commented out
+
+Session ID:%s