ID: 45380
Updated by: [EMAIL PROTECTED]
Reported By: jerome dot auge at anakeen dot com
Status: Open
Bug Type: Session related
Operating System: Linux
PHP Version: 5.2.6
New Comment:
See also bug #45270
Previous Comments:
------------------------------------------------------------------------
[2008-06-27 17:25:36] jerome dot auge at anakeen dot com
Description:
------------
I want to access two distinct sessions content, but I only get access
to
the first session, and the second session_name/session_start does not
change the content of the $_SESSION variable which remains the same as
the first one.
After investigation, when switching session with a call to
session_name('another_session')+session_start(), the session ID from
the
first session_start() is re-used, and the sess ID from the new session
name 'another_session' is not used.
Reproduce code:
---------------
1) Call 'set_sess1.php' to set a session named 'sess1':
<?php
session_name('sess1');
session_start();
$session_id = session_id();
$cookie = $_COOKIE['sess1'];
$_SESSION['sess1']='session1:'.$session_id;
print "cookie = ".$cookie."\n";
print "session_id = ".$session_id."\n";
print "_SESSION = ".$_SESSION['sess1']."\n";
session_write_close();
?>
2) Call 'set_sess2.php' to set a session named 'sess2':
<?php
session_name('sess2');
session_start();
$session_id = session_id();
$cookie = $_COOKIE['sess2'];
$_SESSION['sess2']='session2:'.$session_id;
print "cookie = ".$cookie."\n";
print "session_id = ".$session_id."\n";
print "_SESSION = ".$_SESSION['sess2']."\n";
session_write_close();
?>
3) Try to access both session variables in 'get_sess.php':
<?php
session_name('sess1');
session_start();
$sess1 = $_SESSION['sess1'];
session_write_close();
session_name('sess2');
session_start();
$sess2 = $_SESSION['sess2'];
session_write_close();
foreach ($_COOKIE as $k => $v) {
print "_COOKIE[$k] = $v\n";
}
print "sess1 = $sess1\n";
print "sess2 = $sess2\n";
?>
Expected result:
----------------
In 'get_sess.php', I expect to get access to the content of the 'sess2'
session by issuing a new session_name('sess2')+session_start(), but the
content of _SESSION remains the one from 'sess1'.
Expected output from 'get_sess.php':
_COOKIE[sess1] = n0f57lap2oabeqvfc6t6c0ap60
_COOKIE[sess2] = b4s2sr976f4qrbkimfh0i6kqm0
sess1 = session1:n0f57lap2oabeqvfc6t6c0ap60
sess2 = session2:b4s2sr976f4qrbkimfh0i6kqm0
Actual result:
--------------
Actuel output from 'get_sess.php':
_COOKIE[sess1] = 2ot2t22ccq0t9de2edhgcrh4h4
_COOKIE[sess2] = rt8jr3e6esvmp88id0e4o05091
sess1 = session1:2ot2t22ccq0t9de2edhgcrh4h4
sess2 =
The script also issue a "Set-Cookie: sess2=<value_from_sess1>", and I
end up with the cookies 'sess1' and 'sess2' having the same ID.
I got around it by setting the session ID manually with
session_id($_COOKIE['new_session']), after calling
session_name('new_session') and before session_start()... but I was
expecting PHP to handle this automatically...
So here is a proposal patch to de-allocate PS(id) when calling
session_write_close(), in order to force session_start() to lookup the
session ID from the session name:
--8<--
--- php-5.2.6.orig/ext/session/session.c 2008-04-29
16:42:38.000000000 +0200
+++ php-5.2.6/ext/session/session.c 2008-06-27 18:29:05.000000000
+0200
@@ -933,6 +933,11 @@
if (PS(mod_data))
PS(mod)->s_close(&PS(mod_data) TSRMLS_CC);
+
+ if (PS(id)) {
+ efree(PS(id));
+ PS(id) = NULL;
+ }
}
static char *month_names[] = {
-->8--
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=45380&edit=1
