Don't call session_start() when PHP session is still or already open.

[rotdrop]

Signed-off-by: Claus-Justus Heine [email protected]

See #31248

[PVince81]

https://github.com/nextcloud/server/pull/28695 was an older alternative, not sure which is best

[come-nc]

#28695 was an older alternative, not sure which is best

No idea :confused:

[juliusknorr]

I've been trying to figure out why we actually need the session_start when clearing and generating a new session id, but couldn't find a good reasoning from the git history nor php documentation so I would consider even dropping that call. But hard to tell if that has any side effects.

So either the start_session is superfluous and can be omitted -- at least in current versions of php -- or there is missing something like a session_destroy() (but then regenerate_id() could be omitted?) or a session_write_close() which would write the (now empty) session file to disk.

@rotdrop Did you have any reasoning to go with the session_write_close instead of dropping the start_session?

[nickvergessen]

session_write_close should basically break @UseSession annotation?

[juliusknorr]

session_write_close should basically break @UseSession annotation?

No as the session_start would reopen it for writing.

[solracsf]

#28695 was an older alternative, not sure which is best

Both perform a similar goal, this one seems more clean.

[come-nc]

/rebase

[solracsf]

Is this still a thing after https://github.com/nextcloud/server/commit/9e1d4312555ddc1009450b1f6b7078ae35790593? Cc @juliushaertl

[juliusknorr]

Is this still a thing after 9e1d431? Cc @juliushaertl

Yes, that linked commit only reduced one common case where a session would be opened for writing. This might still occur later in the code path.

[juliusknorr]

/rebase

[juliusknorr]

@rotdrop Can you maybe rebase your PR so we trigger CI again and can get this merged?