Fix types of bug_compat entries

PR: #21312
Submitted by: Rob Richards <rrichards@ctindustries.net>

dividend -> divisor

Submitted by: Jesus M. Castagnetto <jmcastagnetto@yahoo.com>

Refactor new-session-id code

Remember whether to send a cookie, so that we send out the correct
session id. Also improve check for active session

add session_regenerate_id()

use appropiate prefixes in the ps_module structure so we don't clash
with syscalls

Add INI setting session.hash_bits_per_character which enables developers
to choose how session ids are represented, regardless of the hash algorithm.

add INI setting session.hash_function
add support for creating session ids using SHA-1
source more entropy for session ids

Bump year.

Make the interpretation of gc_probability configurable by adding
session.gc_dividend. The probability of running gc on each request is then
gc_probability/gc_dividend.

Nuke PS(vars), we keep the state of registered session variables now
completely in PS(http_session_vars). This avoids bugs which are caused
by a lack of synchronization between the two hashes

Nuke PS(vars), we keep the state of registered session variables now
completely in PS(http_session_vars). This avoids bugs which are caused
by a lack of synchronization between the two hashes. We also don't need
to worry about prioritizing one of them.

Add session.bug_compat_42 and session.bug_compat_warn which are enabled
by default. The logic behind bug_compat_42:

IF bug_compat_42 is on, and
IF register_globals is off, and
IF any value of $_SESSION["key"] is NULL, and
IF there is a global variable $key, then
$_SESSION["key"] is set to $key.

The extension emits this warning once per script, unless told otherwise.

"Your script possibly relies on a session side-effect which existed until
PHP 4.2.3. Please be advised that the session extension does not consider
global variables as a source of data, unless register_globals is enabled.
You can disable this functionality and this warning by setting
session.bug_compat_42 or session.bug_compat_warn.

show more ...

The session extension ensures now that get_session_var can rely
on the state of $_SESSION/$HTTP_SESSION_VARS. It does not look up
symbols in the global symbol table anymore.

This was

The session extension ensures now that get_session_var can rely
on the state of $_SESSION/$HTTP_SESSION_VARS. It does not look up
symbols in the global symbol table anymore.

This was achieved by actually planting references between every
$_SESSION["x"] and $x, not only when restoring a session, but also
when registering a session variable (in a register_globals=1 context).

Upon registering a new variable, this memory leak continues to show
up, regardless of register_globals.

ext/session/session.c(272) : Freeing 0x0818F01C (12 bytes), script=test

Obviously, the newly allocated empty zval is not properly freed. If anyone
has any idea on how to fix that, please step forward.

show more ...

Make unset($_SESSION['foo']) actually remove the variable from the session,
if register_globals is off.

This option enables administrators to make their users invulnerable to
attacks which involve passing session ids in URLs.

re-add accidentily nuked session_adapt_url()

@ - Added output_add_rewrite_var() and output_remove_rewrite_var() to inject
@ and remove variables from the URL-Rewriter. (thies)
i have also modified the session module to use this - so i

@ - Added output_add_rewrite_var() and output_remove_rewrite_var() to inject
@ and remove variables from the URL-Rewriter. (thies)
i have also modified the session module to use this - so it doesn't
need to fiddle with the output-system any more

show more ...

revert session_set_userdata - diffent patch will come shortly

@ - added session_set_userdata() which enables you to specify one variable
@ that will be kept in the browser in addition to the session-id. This
@ only works when using trans-sid session

@ - added session_set_userdata() which enables you to specify one variable
@ that will be kept in the browser in addition to the session-id. This
@ only works when using trans-sid sessions (no cookie). (thies)

show more ...

- Proper use of underscores (s/createsid/create_sid/)
- Bump the API date and remove extra cpp macro
- Pass TSRMLS appropiately to the create_sid function

Added field to ps_module structure to hold function pointer for the creation
of the session ID string. Default PS_MOD() macro sets this to be the default
creation routine. PS_MOD_SID() macro

Added field to ps_module structure to hold function pointer for the creation
of the session ID string. Default PS_MOD() macro sets this to be the default
creation routine. PS_MOD_SID() macro sets this to a handlers session ID
creation routine.

show more ...

Merge in session API changes (carry around tsrm context)

Now PHP_SESSION_API is defined to the date of the last change,
so that externa source-code can handle changes more gracefully.

Weep out all recent commits of Yasuo.

I don't have time right now to leave in the good ones and remove
only the bad ones.

There are some semantical changes which I reject, becau

Weep out all recent commits of Yasuo.

I don't have time right now to leave in the good ones and remove
only the bad ones.

There are some semantical changes which I reject, because
they aim at fixing a bug which is at a completely other location.

Then SID does not gefined anymore properly. (This broken patch
has not been sent to me at all.)

Also, there were *so* many whitespace changes which already
make these commits bogus.

show more ...

More TSRM work

Maintain headers.

move to the ZEND_DECLARE_MODULE_GLOBALS() and ZEND_EXTERN_MODULE_GLOBALS
macros