Instruction "Use drupal_set_session instead of $_SESSION (Drupal Docs)." drupal_set_session() doesn't exist.

The instruction links to http://drupal.org/node/224333#drupal_set_session, which says:

"[NEEDS UPDATE] Per discussion in IRC with Damien:
"- from a DX perspective, yes, no change
"- but the reverse proxy changes are still there, including the lazy session start
"- so we probably need to keep a paragraph about that
"- we still do the same thing, but developers can access $_SESSION directly
"- what we need here is a paragraph that tell module developers not to over use the session, and to clean up session data as soon as possible"

I'm not sure whether this kind of advice is in-scope for coder_review or whether the test should just be removed. I favour removal, as it clutters the interface if this warns you for every line you (legitimately) use $_SESSION.

Comments

moshe weitzman’s picture

moshe weitzman commented

I think it really needs to stay. Don't we have an 'informational warning' level? Thats perfect for this. The real problem is anon users with $_SESSION. to be avoided.

tanoshimi’s picture

tanoshimi commented

This is still an issue in latest dev release... just to restate the original poster: "drupal_set_session() doesn't exist."

So, whether coder is issuing a warning, or a recommendation, or whatever, the fact is that the course of action of replacing $_SESSION with drupal_set_session is currently impossible (and there doesn't seem to be any documentation relating to drupal_set_session at all) - don't know if this was a change that was rolled back or not.

solotandem’s picture

solotandem commented

Yes, the drupal_set_session() change was reverted.

lotyrin’s picture

lotyrin commented
Status: Needs work » Active

This doesn't have a patch or any work towards it in the repo does it? Changing status.

stella’s picture

stella commented
Status: Active » Fixed

I went with Moshe's suggestion from comment 2. I updated the warning text and set it to minor severity level.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.