Don't use persistent string/attribute for the global SID constant, which is
created at runtime and destroyed at the end of the request.
Requires CFLAGS="-DZEND_RC_DEBUG=1" to reproduce.
Closes GH-19595
* Add SAPI_HEADER_DELETE_PREFIX operation
The session ext currently munges into the linked list of headers
itself, because the delete header API is given the key for headers to
delete. The session ext wants to use a prefix past the colon separator,
for i.e. "Set-Cookie: PHPSESSID=", to eliminate only the specific cookie
rather than all cookies.
This changes the SAPI code to add a new header op to take a prefix
instead. Call sites are yet unchanged. Also fix some whitespace.
* Simplify cookie setting code in ext/session
Use the modern SAPI header ops API, including the remove prefix op we
just added.
* [ci skip] Remove redundant and unnecessary comment
The purpose of this is clear, and after refactoring, the special case is
no longer there, so it has no value.
* Un-deprecate simple add/replace header API, use it
Suggestion from Jakub.
* Restore the optimization removing session cookies had
I don't think this needs to be special cased with the parameter.
* Move setting header length to caller
Suggestion from Jakub.
* [ci skip] adjust tab count
It may be better to use spaces in here instead.
* Use session_cookie_len rather than calling strlen
* Unify headers already sent errors
Now whenever we need to check where headers were already sent in
ext/session, we call a single location that prints where, keeping it
consistent output wise.
* Unify session aready started errors
Similar to the one for headers.
* Also change session active checks too
This usually go hand in hand with the headers already sent checks, but
is in a separate commit because of the amount of tests it changes.
We had previously improved where sessions were already started, and
where headers were already sent when setting headers, but not where a
header has been sent if we try to set the header cookie.
Fixes GH-16372
Two issues:
1) The check happened before ZPP checks
2) The `return;` statement caused NULL to be returned while this
function can only return booleans. An exception seems not acceptable
in stable versions, but a warning may do.
Closes GH-16386.
This partially reverts 0956267c08, which
introduced a type incompatibility where an `int` function is assigned
to a `zend_result` function. That yields a level 1 C4133 warning on
MSVC, and usually (e.g. in CI) level 1 warnings are elevated to errors,
so the build fails.[1]
The PHP-8.3 branch and up are uneffected by this, so the upward merges
should be empty.
[1] <https://github.com/php/php-src/commit/0956267c08b8ea8cc8e8e2b31fe0ce12f060e47e#r144587696>
This fixes -Winline errors where the functions are not ever inlined.
Also fixes some signature mismatches which were fixed previously but
for whatever reason were not ported to all maintained branches:
/usr/local/src/php/ext/session/session.c:1299:20:
warning:conflicting types for 'php_session_send_cookie' due to enum/integer mismatch;
have 'zend_result(void)' {aka 'ZEND_RESULT_CODE(void)'} [-Wenum-int-mismatch]
1299 | static zend_result php_session_send_cookie(void) /* {{{ */
| ^~~~~~~~~~~~~~~~~~~~~~~
/usr/local/src/php/ext/session/session.c:100:12:
note: previous declaration of 'php_session_send_cookie' with type 'int(void)'
100 | static int php_session_send_cookie(void);
| ^~~~~~~~~~~~~~~~~~~~~~~
Alexandre Daubois