ext/session/mod_mm: implement VALIDATE_SID handler (php#21178)

Rather than "manually" doing it in the READ handler.

At the same time, get rid of various inconsistent legacy handler macro definitions, thus mandating all modules to implement the create and validate SID handlers.

The only handler that remains optional is the update timestamp one.

Author: Girgias

UPGRADING.INTERNALS

@@ -100,6 +100,12 @@ PHP 8.6 INTERNALS UPGRADE NOTES
     `void **mod_data, zend_string *save_path, zend_string *session_name`
     rather than
     `void **mod_data, const char *save_path, const char *session_name`
+  . PS_FUNCS() now includes the PS_VALIDATE_SID_FUNC()
+  . PS_MOD() now requires that the PS_CREATE_SID_FUNC() and
+    PS_VALIDATE_SID_FUNC() functions are defined.
+  . PS_FUNCS_SID() and PS_MOD_SID() have been removed.
+    Either use PS_FUNCS()/PS_MOD() or PS_FUNCS_UPDATE_TIMESTAMP()/
+    PS_MOD_UPDATE_TIMESTAMP() if timestamp support exists.
 
 - ext/standard:
   . _php_error_log() now has a formal return type of zend_result.

ext/session/mod_mm.c

@@ -215,7 +215,7 @@ static zend_result ps_mm_key_exists(ps_mm *data, const zend_string *key)
 }
 
 const ps_module ps_mod_mm = {
-	PS_MOD_SID(mm)
+	PS_MOD(mm)
 };
 
 #define PS_MM_DATA ps_mm *data = PS_GET_MOD_DATA()
@@ -346,26 +346,7 @@ PS_READ_FUNC(mm)
 
 	mm_lock(data->mm, MM_LOCK_RD);
 
-	/* If there is an ID and strict mode, verify existence */
-	if (PS(use_strict_mode)
-		&& ps_mm_key_exists(data, key) == FAILURE) {
-		/* key points to PS(id), but cannot change here. */
-		if (key) {
-			efree(PS(id));
-			PS(id) = NULL;
-		}
-		PS(id) = PS(mod)->s_create_sid((void **)&data);
-		if (!PS(id)) {
-			return FAILURE;
-		}
-		if (PS(use_cookies)) {
-			PS(send_cookie) = true;
-		}
-		php_session_reset_id();
-		PS(session_status) = php_session_active;
-	}
-
-	sd = ps_sd_lookup(data, PS(id), false);
+	sd = ps_sd_lookup(data, key, false);
 	if (sd) {
 		*val = zend_string_init(sd->data, sd->datalen, false);
 		ret = SUCCESS;
@@ -488,4 +469,23 @@ PS_CREATE_SID_FUNC(mm)
 	return sid;
 }
 
+/*
+ * Check session ID existence for use_strict_mode support.
+ * PARAMETERS: PS_VALIDATE_SID_ARGS in php_session.h
+ * RETURN VALUE: SUCCESS or FAILURE.
+ *
+ * Return SUCCESS for valid key(already existing session).
+ * Return FAILURE for invalid key(non-existing session).
+ * *mod_data, *key are guaranteed to have non-NULL values.
+ */
+PS_VALIDATE_SID_FUNC(mm)
+{
+	PS_MM_DATA;
+
+	mm_lock(data->mm, MM_LOCK_RD);
+	zend_result ret = ps_mm_key_exists(data, key)
+	mm_unlock(data->mm);
+	return ret;
+}
+
 #endif

ext/session/php_session.h

@@ -62,40 +62,23 @@ typedef struct ps_module_struct {
 #define PS_VALIDATE_SID_FUNC(x)	zend_result ps_validate_sid_##x(PS_VALIDATE_SID_ARGS)
 #define PS_UPDATE_TIMESTAMP_FUNC(x) 	zend_result ps_update_timestamp_##x(PS_UPDATE_TIMESTAMP_ARGS)
 
-/* Legacy save handler module definitions */
+/* Save handler module definitions without timestamp enabled */
 #define PS_FUNCS(x) \
 	PS_OPEN_FUNC(x); \
 	PS_CLOSE_FUNC(x); \
 	PS_READ_FUNC(x); \
 	PS_WRITE_FUNC(x); \
 	PS_DESTROY_FUNC(x); \
 	PS_GC_FUNC(x);	\
-	PS_CREATE_SID_FUNC(x)
+	PS_CREATE_SID_FUNC(x) \
+	PS_VALIDATE_SID_FUNC(x);
 
 #define PS_MOD(x) \
-	#x, ps_open_##x, ps_close_##x, ps_read_##x, ps_write_##x, \
-	 ps_delete_##x, ps_gc_##x, php_session_create_id, \
-	 php_session_validate_sid, php_session_update_timestamp
-
-/* Legacy SID creation enabled save handler module definitions */
-#define PS_FUNCS_SID(x) \
-	PS_OPEN_FUNC(x); \
-	PS_CLOSE_FUNC(x); \
-	PS_READ_FUNC(x); \
-	PS_WRITE_FUNC(x); \
-	PS_DESTROY_FUNC(x); \
-	PS_GC_FUNC(x); \
-	PS_CREATE_SID_FUNC(x); \
-	PS_VALIDATE_SID_FUNC(x); \
-	PS_UPDATE_TIMESTAMP_FUNC(x);
-
-#define PS_MOD_SID(x) \
 	#x, ps_open_##x, ps_close_##x, ps_read_##x, ps_write_##x, \
 	 ps_delete_##x, ps_gc_##x, ps_create_sid_##x, \
-	 php_session_validate_sid, php_session_update_timestamp
+	 ps_validate_sid_##x, NULL
 
-/* Update timestamp enabled save handler module definitions
-   New save handlers should use this API */
+/* Save handlers with timestamp enabled, it is recommended to use this API */
 #define PS_FUNCS_UPDATE_TIMESTAMP(x) \
 	PS_OPEN_FUNC(x); \
 	PS_CLOSE_FUNC(x); \