On 23.06.2021 at 09:08, Mathieu Dubois wrote: > Dear list, > > I'm trying to understand PHP session handlers and more precisely the > return value of SessionHandlerInterface::read. > > The doc [1] states (emphasis mine): > > Returns an encoded string of the read data. *If nothing was read, it > must return false*. Note this value is returned internally to PHP > for processing. > > However, the example used in the documentation of the SessionHandler > class [2] and other implementations (for instance Symfony's > PdoSessionHandler [3]) seem to return an empty string when nothing can > be read. > > If I understand well, the first time you connect to an host, nothing can > be read. My own test seems to indicate that returning false in this case > triggers an error while returning an empty string creates a new session. > > Can someone clarify this ? How is the value false used ? More generally, > I haven't found a clear explanation of which method is called at which > time during session creation and how the values are used. > > Note that I have posted the same question on SO [4] but I'm not > satisfied by the answers. > > Thanks in advance, > Mathieu > > [1] https://www.php.net/manual/en/sessionhandlerinterface.read.php > [2] https://www.php.net/manual/en/class.sessionhandler > [3] > https://github.com/symfony/symfony/blob/c71c8727cc665c9e9b56e299fcfcc0adfbf02bac/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/PdoSessionHandler.php#L638 > > [4] https://stackoverflow.com/questions/68025570 Before ::read() is called, open() is called. ::open() is suppossed to create the empty session data, if no data for the given session exist. This empty data string should then be returned from ::read(). If ::read() fails to read the data, it should return false (or actually any non-string value in the current implementation) to signal failure. Christoph
