Because this column has no default value, the Symfony-based Drupal-specific database session handler I am actually writting on behalf of the WSCCI initiative cannot have a clean upgrade path. See #335411: Switch to Symfony2-based session handling.

Symfony's session handler interface don't care about uid, the only key for a Symfony session is the session identifier. If {sessions}.uid field without a default value will cause PDOExceptions to rise when we db_merge() the Symfony's session. If we attempt to care about this field, and set a foo value in the new session handler, PDOExceptions will rise once we'll have removed the field.

This is a chicken and egg problem, because in order to proceed to the update and remove the field, we need the uid 1 user to create a session and login, thus there is no scenario where no PDOExceptions will rise; except if we set a default value on this field.

Setting the {sessions}.uid default value to 0 has no impact, neither on API, neither on behavior of Drupal 7, and it will allow the future Drupal 8 Symfony based session handler to seamlessly use the same table ignoring the uid field thanks to the default value, until the upgrade path is executed. This allows us a clean and non circonvoluted solution for future Drupal 8 upgrade path.

I prioritize this to "major" to reflect the 8.x bug priority. I will provide a 8.x patch too, but I would like to see the D7 version to pass first for consistency.

Comments

pounard’s picture

Status: Active » Needs review
StatusFileSize
new1.04 KB
pounard’s picture

Forgot to add, since the D7 to D8 requirement is to have the latest D7 version running, by commiting this patch we will ensure that the table is ready for all use cases. I think this is a clean and quick win.

podarok’s picture

I do not see any problems with applying this into code
Good preemptive patch for #335411: Switch to Symfony2-based session handling

chx’s picture

Not wanting to hold this up or anything but why dont we truncate the sessions table here? Potentially we are looking at a ginormous amount of data being upgraded ... for no reason.

Edit: except the current session might be worth keeping but even that i would retrieve and save back manually and run truncate. truncate is fast. Or, even, we can just drop the table and recreate it with the new schema.

pounard’s picture

Do we have a policicy about keeping sessions during minor upgrades? The answer to this question would be the final answer to that. Aside of that question, I agree, this would be faster, but I'm not afraid of a SQL query running for some seconds if that's a proper upgrade done while the site is in maintainance mode.

sun’s picture

We should retain the session in current global $user. All others can be deleted, yes.

Crell’s picture

#6 sounds sane to me. Maybe we could think about keeping only "recently active" sessions, for some definition of recent, but for this update I think "current user only" is fine.

chx’s picture

Here's why I thought saving session manually is important: I would be somewhat wary of just keeping session in global $user, it's an update if PHP times out or something you do not necessarily get your session writen and then ... yes, and then what :) ? Well, it's an update so what if the system is in a state where all you can do is rerun update.php and now you can't because you've been logged out. I know, I am paranoid, but the question is, am I paranoid enough :D ?

pounard’s picture

You're right about this chx, I will try to provide a sane patch, but not today, we'll see this during the next week.

pounard’s picture

Some thoughts after this, I'm not even sure this can happen. I think this patch might be commited as-is. Any reviewers, ideas, cons, etc?

sun’s picture

Status: Needs review » Needs work

Yeah, this patch looks pretty straightforward to me.

Can we implement #6 before executing the schema update? I.e.:

global $user;
if ($user->uid) {
  db_delete('sessions')
    ->condition('uid', $user->uid, '<>')
    ->execute();
}

(could also filter by session ID, but not sure whether that makes any difference and whether it wouldn't potentially break HTTP/S sessions during the update and possibly other stuff)

I don't think we have to be paranoid about this update, since at the point the update function is executed, you're in a non-reversible system upgrade state anyway.

That said, depending on the new Symfony session system, we might have to execute this update in the early/special update_fix_whatever() helper functions already - although we could also possibly leave that adjustment to the actual session patch.

And then just a quick adjustment:

+++ b/modules/system/system.install
@@ -3016,6 +3017,20 @@ function system_update_7073() {
+ * Set the {sessions}.uid field default value to 0, making possible a schema
+ * change for the {sessions} table for future Drupal 8 migration.

Can we shorten this to this?

"Change the {sessions}.uid default value to 0."

pounard’s picture

@sun I liked the fact to expose in the comment why is this update being done -without it seems arbitrary- but if you feel it's not necessary we can shorten the comment.

yesct’s picture

Status: Needs work » Needs review
yesct’s picture

Status: Needs review » Needs work

Looks like this is needs work for the first part of #11.
(also might need rerolled, let's see.)

berdir’s picture

I don't think this is required anymore. The mentioned issue can relatively easily work around this by making the session changes before the session is bootstrapped, then this isn't a problem?

berdir’s picture

Status: Needs work » Postponed
jibran’s picture

Status: Postponed » Needs review
StatusFileSize
new1.09 KB

re-roll as per #14 included feedback from #11.

yesct’s picture

Lets see what @Berdir says.

jibran’s picture

Status: Needs review » Postponed

postponed as per #16

yesct’s picture

@jibran, I see you posted a new patch http://drupal.org/node/1672804#comment-6947438 Thanks.
And also that the issue might not be needed anymore and is postponed. This looks good for now, no further work needed until it's unpostponed.

I have a question though, was it really re-rolled because the previous patch did not apply?

If it was, then making a commit locally, or a branch, and then making the changes after it was re-rolled would let you make an interdiff.

If it wasn't re-rolled, then there might be some confusion about what re-rolling means. It's usually: http://drupal.org/patch/reroll

And if a reroll was not needed, then an interdiff is even easier. See: http://drupal.org/node/1488712

For next time. :)

jibran’s picture

StatusFileSize
new810 bytes

@YesCT as I mentioned above it is a re-roll and some feedback. It was so tiny patch I thought interdiff is not worth it. But thanks for the reminder I'll be careful next time :).

jibran’s picture

Issue summary: View changes

Updated topic with more details for people to understand.

Status: Postponed » Closed (outdated)

Automatically closed because Drupal 7 security and bugfix support has ended as of 5 January 2025. If the issue verifiably applies to later versions, please reopen with details and update the version.