From 0188958b269b1597c446f47346dae7a7b2ab0ca4 Mon Sep 17 00:00:00 2001
From: Gina Peter Banyard <girgias@php.net>
Date: Mon, 9 Feb 2026 11:04:24 +0000
Subject: [PATCH 1/6] ext/session: fix typo in comment

---
 ext/session/session.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ext/session/session.c b/ext/session/session.c
index da4e57ff9a1d..4b49f14b29b2 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -1682,7 +1682,7 @@ PHPAPI zend_result php_session_start(void)
 	 * Cookies are preferred, because initially cookie and get
 	 * variables will be available.
 	 * URL/POST session ID may be used when use_only_cookies=Off.
-	 * session.use_strice_mode=On prevents session adoption.
+	 * session.use_strict_mode=On prevents session adoption.
 	 * Session based file upload progress uses non-cookie ID.
 	 */
 

From 7ac9e9edc19d96c70dcbb63a39bae56fcee901ae Mon Sep 17 00:00:00 2001
From: Gina Peter Banyard <girgias@php.net>
Date: Mon, 9 Feb 2026 11:05:51 +0000
Subject: [PATCH 2/6] ext/session: simplify php_session_reset()

---
 ext/session/session.c | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/ext/session/session.c b/ext/session/session.c
index 4b49f14b29b2..e6412bbc0d81 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -1749,11 +1749,7 @@ static bool php_session_abort(void)
 
 static bool php_session_reset(void)
 {
-	if (PS(session_status) == php_session_active
-		&& php_session_initialize() == SUCCESS) {
-		return true;
-	}
-	return false;
+	return PS(session_status) == php_session_active && php_session_initialize() == SUCCESS;
 }
 
 /* ********************************

From 2469cca9d1c3a68567b8d762fa2f74434c5fec24 Mon Sep 17 00:00:00 2001
From: Gina Peter Banyard <girgias@php.net>
Date: Mon, 9 Feb 2026 11:12:51 +0000
Subject: [PATCH 3/6] ext/session: reduce scope of variables

---
 ext/session/session.c | 36 ++++++++++++------------------------
 1 file changed, 12 insertions(+), 24 deletions(-)

diff --git a/ext/session/session.c b/ext/session/session.c
index e6412bbc0d81..31c525c89e8c 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -995,15 +995,12 @@ PS_SERIALIZER_ENCODE_FUNC(php_binary)
 
 PS_SERIALIZER_DECODE_FUNC(php_binary)
 {
-	const char *p;
 	const char *endptr = val + vallen;
-	zend_string *name;
 	php_unserialize_data_t var_hash;
-	zval *current, rv;
 
 	PHP_VAR_UNSERIALIZE_INIT(var_hash);
 
-	for (p = val; p < endptr; ) {
+	for (const char *p = val; p < endptr; ) {
 		size_t namelen = ((unsigned char)(*p)) & (~PS_BIN_UNDEF);
 
 		if (namelen > PS_BIN_MAX || (p + namelen) >= endptr) {
@@ -1011,11 +1008,12 @@ PS_SERIALIZER_DECODE_FUNC(php_binary)
 			return FAILURE;
 		}
 
-		name = zend_string_init(p + 1, namelen, false);
+		zend_string *name = zend_string_init(p + 1, namelen, false);
 		p += namelen + 1;
-		current = var_tmp_var(&var_hash);
+		zval *current = var_tmp_var(&var_hash);
 
 		if (php_var_unserialize(current, (const unsigned char **) &p, (const unsigned char *) endptr, &var_hash)) {
+			zval rv;
 			ZVAL_PTR(&rv, current);
 			php_set_session_var(name, &rv, &var_hash);
 		} else {
@@ -1300,8 +1298,6 @@ static const php_session_cache_limiter_t php_session_cache_limiters[] = {
 
 static int php_session_cache_limiter(void)
 {
-	const php_session_cache_limiter_t *lim;
-
 	if (ZSTR_LEN(PS(cache_limiter)) == 0) {
 		return 0;
 	}
@@ -1313,7 +1309,7 @@ static int php_session_cache_limiter(void)
 		return -2;
 	}
 
-	for (lim = php_session_cache_limiters; lim->name; lim++) {
+	for (const php_session_cache_limiter_t *lim = php_session_cache_limiters; lim->name; lim++) {
 		if (!strcasecmp(lim->name, ZSTR_VAL(PS(cache_limiter)))) {
 			lim->func();
 			return 0;
@@ -1446,9 +1442,8 @@ PHPAPI const ps_module *_php_find_ps_module(const char *name)
 PHPAPI const ps_serializer *_php_find_ps_serializer(const char *name)
 {
 	const ps_serializer *found_serializer = NULL;
-	const ps_serializer *current_serializer;
 
-	for (current_serializer = ps_serializers; current_serializer->name; current_serializer++) {
+	for (const ps_serializer *current_serializer = ps_serializers; current_serializer->name; current_serializer++) {
 		if (!strcasecmp(name, current_serializer->name)) {
 			found_serializer = current_serializer;
 			break;
@@ -1643,16 +1638,14 @@ PHPAPI zend_result php_session_reset_id(void)
 
 PHPAPI zend_result php_session_start(void)
 {
-	const char *value;
-
 	switch (PS(session_status)) {
 		case php_session_active:
 			php_session_session_already_started_error(E_NOTICE, "Ignoring session_start() because a session has already been started");
 			return FAILURE;
 			break;
 
-		case php_session_disabled:
-			value = zend_ini_string(ZEND_STRL("session.save_handler"), false);
+		case php_session_disabled: {
+			const char *value = zend_ini_string(ZEND_STRL("session.save_handler"), false);
 			if (!PS(mod) && value) {
 				PS(mod) = _php_find_ps_module(value);
 				if (!PS(mod)) {
@@ -1670,6 +1663,7 @@ PHPAPI zend_result php_session_start(void)
 			}
 			PS(session_status) = php_session_none;
 			ZEND_FALLTHROUGH;
+		}
 
 		case php_session_none:
 		default:
@@ -1793,9 +1787,6 @@ PHP_FUNCTION(session_set_cookie_params)
 	}
 
 	if (options_ht) {
-		zend_string *key;
-		zval *value;
-
 		if (path) {
 			zend_argument_value_error(2, "must be null when argument #1 ($lifetime_or_options) is an array");
 			RETURN_THROWS();
@@ -1815,7 +1806,7 @@ PHP_FUNCTION(session_set_cookie_params)
 			zend_argument_value_error(5, "must be null when argument #1 ($lifetime_or_options) is an array");
 			RETURN_THROWS();
 		}
-		ZEND_HASH_FOREACH_STR_KEY_VAL(options_ht, key, value) {
+		ZEND_HASH_FOREACH_STR_KEY_VAL(options_ht, zend_string *key, zval *value) {
 			if (key) {
 				ZVAL_DEREF(value);
 				if (zend_string_equals_literal_ci(key, "lifetime")) {
@@ -2461,7 +2452,6 @@ PHP_FUNCTION(session_create_id)
 PHP_FUNCTION(session_cache_limiter)
 {
 	zend_string *limiter = NULL;
-	zend_string *ini_name;
 
 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "|S!", &limiter) == FAILURE) {
 		RETURN_THROWS();
@@ -2480,7 +2470,7 @@ PHP_FUNCTION(session_cache_limiter)
 	RETVAL_STRINGL(ZSTR_VAL(PS(cache_limiter)), ZSTR_LEN(PS(cache_limiter)));
 
 	if (limiter) {
-		ini_name = ZSTR_INIT_LITERAL("session.cache_limiter", false);
+		zend_string *ini_name = ZSTR_INIT_LITERAL("session.cache_limiter", false);
 		zend_alter_ini_entry(ini_name, limiter, PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
 		zend_string_release_ex(ini_name, false);
 	}
@@ -2566,8 +2556,6 @@ static zend_result php_session_start_set_ini(zend_string *varname, zend_string *
 PHP_FUNCTION(session_start)
 {
 	zval *options = NULL;
-	zval *value;
-	zend_string *str_idx;
 	bool read_and_close = false;
 
 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "|a", &options) == FAILURE) {
@@ -2591,7 +2579,7 @@ PHP_FUNCTION(session_start)
 
 	/* set options */
 	if (options) {
-		ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(options), str_idx, value) {
+		ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(options), zend_string *str_idx, zval *value) {
 			if (UNEXPECTED(!str_idx)) {
 				zend_argument_value_error(1, "must be of type array with keys as string");
 				RETURN_THROWS();

From 1a2c87736699b894fb749347dda4fb5e15f8c2f6 Mon Sep 17 00:00:00 2001
From: Gina Peter Banyard <girgias@php.net>
Date: Mon, 9 Feb 2026 11:16:33 +0000
Subject: [PATCH 4/6] ext/session: refactor bin_to_readable()

---
 ext/session/session.c | 20 +++++++-------------
 1 file changed, 7 insertions(+), 13 deletions(-)

diff --git a/ext/session/session.c b/ext/session/session.c
index 31c525c89e8c..cf9ea05fc341 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -305,23 +305,17 @@ static zend_result php_session_decode(const zend_string *data)
 
 static const char hexconvtab[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ,-";
 
-static void bin_to_readable(unsigned char *in, size_t inlen, char *out, size_t outlen, char nbits)
+static void bin_to_readable(const unsigned char *in, size_t inlen, char *out, size_t outlen, char nbits)
 {
-	unsigned char *p, *q;
-	unsigned short w;
-	int mask;
-	int have;
-
-	p = (unsigned char *)in;
-	q = (unsigned char *)in + inlen;
-
-	w = 0;
-	have = 0;
-	mask = (1 << nbits) - 1;
+	const unsigned char *p = in;
+	const unsigned char *end_p = in + inlen;
+	unsigned short w = 0;
+	int have = 0;
+	const int mask = (1 << nbits) - 1;
 
 	while (outlen--) {
 		if (have < nbits) {
-			if (p < q) {
+			if (p < end_p) {
 				w |= *p++ << have;
 				have += 8;
 			} else {

From a2125030cd8936cc33ffe2bad99fb4e0117e9d17 Mon Sep 17 00:00:00 2001
From: Gina Peter Banyard <girgias@php.net>
Date: Mon, 9 Feb 2026 11:21:12 +0000
Subject: [PATCH 5/6] ext/session: add const qualifiers

---
 ext/session/session.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ext/session/session.c b/ext/session/session.c
index cf9ea05fc341..6930ea8ca2d9 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -1186,12 +1186,12 @@ typedef struct {
 #define ADD_HEADER(a) sapi_add_header(a, strlen(a), 1);
 #define MAX_STR 512
 
-static const char *month_names[] = {
+static const char *const month_names[] = {
 	"Jan", "Feb", "Mar", "Apr", "May", "Jun",
 	"Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
 };
 
-static const char *week_days[] = {
+static const char *const week_days[] = {
 	"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"
 };
 
@@ -2535,7 +2535,7 @@ PHP_FUNCTION(session_decode)
 	RETURN_BOOL(php_session_decode(str) == SUCCESS);
 }
 
-static zend_result php_session_start_set_ini(zend_string *varname, zend_string *new_value) {
+static zend_result php_session_start_set_ini(const zend_string *varname, zend_string *new_value) {
 	zend_result ret;
 	smart_str buf ={0};
 	smart_str_appends(&buf, "session");

From 3f1f3d3fe0d94bb08aa03e4cbce556f4cb083394 Mon Sep 17 00:00:00 2001
From: Gina Peter Banyard <girgias@php.net>
Date: Mon, 9 Feb 2026 11:28:45 +0000
Subject: [PATCH 6/6] ext/session: move variable initialization out of if
 condition

---
 ext/session/session.c | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/ext/session/session.c b/ext/session/session.c
index 6930ea8ca2d9..d9a4e2b5a4d2 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -2978,14 +2978,12 @@ static PHP_MINFO_FUNCTION(session)
 
 static bool early_find_sid_in(zval *dest, int where)
 {
-	zval *potential_session_id;
-
 	if (Z_ISUNDEF(PG(http_globals)[where])) {
 		return false;
 	}
 
-	if ((potential_session_id = zend_hash_find(Z_ARRVAL(PG(http_globals)[where]), PS(session_name)))
-			&& Z_TYPE_P(potential_session_id) == IS_STRING) {
+	zval *potential_session_id = zend_hash_find(Z_ARRVAL(PG(http_globals)[where]), PS(session_name));
+	if (potential_session_id && Z_TYPE_P(potential_session_id) == IS_STRING) {
 		zval_ptr_dtor(dest);
 		ZVAL_COPY_DEREF(dest, potential_session_id);
 		return true;
@@ -3013,15 +3011,15 @@ static void php_session_rfc1867_early_find_sid(php_session_rfc1867_progress *pro
 
 static bool php_check_cancel_upload(const php_session_rfc1867_progress *progress)
 {
-	zval *progress_ary, *cancel_upload;
-
-	if ((progress_ary = zend_symtable_find(Z_ARRVAL_P(Z_REFVAL(PS(http_session_vars))), progress->key.s)) == NULL) {
+	const zval *progress_ary = zend_symtable_find(Z_ARRVAL_P(Z_REFVAL(PS(http_session_vars))), progress->key.s);
+	if (progress_ary == NULL) {
 		return false;
 	}
 	if (Z_TYPE_P(progress_ary) != IS_ARRAY) {
 		return false;
 	}
-	if ((cancel_upload = zend_hash_str_find(Z_ARRVAL_P(progress_ary), ZEND_STRL("cancel_upload"))) == NULL) {
+	const zval *cancel_upload = zend_hash_str_find(Z_ARRVAL_P(progress_ary), ZEND_STRL("cancel_upload"));
+	if (cancel_upload == NULL) {
 		return false;
 	}
 	return Z_TYPE_P(cancel_upload) == IS_TRUE;