Commit 4b01cd1bf3f for php.net

commit 4b01cd1bf3fbd115106f8a9956094a9d5de76a00
Author: Gina Peter Banyard <girgias@php.net>
Date:   Tue Feb 10 12:17:47 2026 +0000

    ext/session/mod_mm: implement VALIDATE_SID handler (#21178)

    Rather than "manually" doing it in the READ handler.

    At the same time, get rid of various inconsistent legacy handler macro definitions, thus mandating all modules to implement the create and validate SID handlers.

    The only handler that remains optional is the update timestamp one.

diff --git a/UPGRADING.INTERNALS b/UPGRADING.INTERNALS
index c79bd44556d..c4ad30b9bad 100644
--- a/UPGRADING.INTERNALS
+++ b/UPGRADING.INTERNALS
@@ -100,6 +100,12 @@ PHP 8.6 INTERNALS UPGRADE NOTES
     `void **mod_data, zend_string *save_path, zend_string *session_name`
     rather than
     `void **mod_data, const char *save_path, const char *session_name`
+  . PS_FUNCS() now includes the PS_VALIDATE_SID_FUNC()
+  . PS_MOD() now requires that the PS_CREATE_SID_FUNC() and
+    PS_VALIDATE_SID_FUNC() functions are defined.
+  . PS_FUNCS_SID() and PS_MOD_SID() have been removed.
+    Either use PS_FUNCS()/PS_MOD() or PS_FUNCS_UPDATE_TIMESTAMP()/
+    PS_MOD_UPDATE_TIMESTAMP() if timestamp support exists.

 - ext/standard:
   . _php_error_log() now has a formal return type of zend_result.
diff --git a/ext/session/mod_mm.c b/ext/session/mod_mm.c
index a2d9a5641e7..d6312c5fa1f 100644
--- a/ext/session/mod_mm.c
+++ b/ext/session/mod_mm.c
@@ -215,7 +215,7 @@ static zend_result ps_mm_key_exists(ps_mm *data, const zend_string *key)
 }

 const ps_module ps_mod_mm = {
-	PS_MOD_SID(mm)
+	PS_MOD(mm)
 };

 #define PS_MM_DATA ps_mm *data = PS_GET_MOD_DATA()
@@ -346,26 +346,7 @@ PS_READ_FUNC(mm)

 	mm_lock(data->mm, MM_LOCK_RD);

-	/* If there is an ID and strict mode, verify existence */
-	if (PS(use_strict_mode)
-		&& ps_mm_key_exists(data, key) == FAILURE) {
-		/* key points to PS(id), but cannot change here. */
-		if (key) {
-			efree(PS(id));
-			PS(id) = NULL;
-		}
-		PS(id) = PS(mod)->s_create_sid((void **)&data);
-		if (!PS(id)) {
-			return FAILURE;
-		}
-		if (PS(use_cookies)) {
-			PS(send_cookie) = true;
-		}
-		php_session_reset_id();
-		PS(session_status) = php_session_active;
-	}
-
-	sd = ps_sd_lookup(data, PS(id), false);
+	sd = ps_sd_lookup(data, key, false);
 	if (sd) {
 		*val = zend_string_init(sd->data, sd->datalen, false);
 		ret = SUCCESS;
@@ -488,4 +469,23 @@ PS_CREATE_SID_FUNC(mm)
 	return sid;
 }

+/*
+ * Check session ID existence for use_strict_mode support.
+ * PARAMETERS: PS_VALIDATE_SID_ARGS in php_session.h
+ * RETURN VALUE: SUCCESS or FAILURE.
+ *
+ * Return SUCCESS for valid key(already existing session).
+ * Return FAILURE for invalid key(non-existing session).
+ * *mod_data, *key are guaranteed to have non-NULL values.
+ */
+PS_VALIDATE_SID_FUNC(mm)
+{
+	PS_MM_DATA;
+
+	mm_lock(data->mm, MM_LOCK_RD);
+	zend_result ret = ps_mm_key_exists(data, key)
+	mm_unlock(data->mm);
+	return ret;
+}
+
 #endif
diff --git a/ext/session/php_session.h b/ext/session/php_session.h
index 8c857d29a5f..83654686758 100644
--- a/ext/session/php_session.h
+++ b/ext/session/php_session.h
@@ -62,7 +62,7 @@ typedef struct ps_module_struct {
 #define PS_VALIDATE_SID_FUNC(x)	zend_result ps_validate_sid_##x(PS_VALIDATE_SID_ARGS)
 #define PS_UPDATE_TIMESTAMP_FUNC(x) 	zend_result ps_update_timestamp_##x(PS_UPDATE_TIMESTAMP_ARGS)

-/* Legacy save handler module definitions */
+/* Save handler module definitions without timestamp enabled */
 #define PS_FUNCS(x) \
 	PS_OPEN_FUNC(x); \
 	PS_CLOSE_FUNC(x); \
@@ -70,32 +70,15 @@ typedef struct ps_module_struct {
 	PS_WRITE_FUNC(x); \
 	PS_DESTROY_FUNC(x); \
 	PS_GC_FUNC(x);	\
-	PS_CREATE_SID_FUNC(x)
+	PS_CREATE_SID_FUNC(x) \
+	PS_VALIDATE_SID_FUNC(x);

 #define PS_MOD(x) \
-	#x, ps_open_##x, ps_close_##x, ps_read_##x, ps_write_##x, \
-	 ps_delete_##x, ps_gc_##x, php_session_create_id, \
-	 php_session_validate_sid, php_session_update_timestamp
-
-/* Legacy SID creation enabled save handler module definitions */
-#define PS_FUNCS_SID(x) \
-	PS_OPEN_FUNC(x); \
-	PS_CLOSE_FUNC(x); \
-	PS_READ_FUNC(x); \
-	PS_WRITE_FUNC(x); \
-	PS_DESTROY_FUNC(x); \
-	PS_GC_FUNC(x); \
-	PS_CREATE_SID_FUNC(x); \
-	PS_VALIDATE_SID_FUNC(x); \
-	PS_UPDATE_TIMESTAMP_FUNC(x);
-
-#define PS_MOD_SID(x) \
 	#x, ps_open_##x, ps_close_##x, ps_read_##x, ps_write_##x, \
 	 ps_delete_##x, ps_gc_##x, ps_create_sid_##x, \
-	 php_session_validate_sid, php_session_update_timestamp
+	 ps_validate_sid_##x, NULL

-/* Update timestamp enabled save handler module definitions
-   New save handlers should use this API */
+/* Save handlers with timestamp enabled, it is recommended to use this API */
 #define PS_FUNCS_UPDATE_TIMESTAMP(x) \
 	PS_OPEN_FUNC(x); \
 	PS_CLOSE_FUNC(x); \