Edit report at https://bugs.php.net/bug.php?id=38104&edit=1
ID: 38104
Comment by: rfunk at funknet dot net
Reported by: m dot v dot veluw dot smscity at gmail dot com
Summary: session_start()/session_write_close() creates
multiple session cookies headers
Status: Bogus
Type: Bug
Package: Session related
Operating System: any
PHP Version: 5.1.4
Block user comment: N
Private report: N
New Comment:
I just ran into this bug in PHP 5.3.5 when working with a script that does lots
of
session_start()/session_write_close() in a long-running task, so that separate
requests can still access the
session during that long task. (Specifically those separate requests are
checking the progress of the long
task.)
The resulting absurdly redundant Set-Cookie header caused Firefox 7 to lock up
for a few seconds, and caused IE8
to give its infamously useless "Internet Explorer cannot display the webpage"
page. So this bug is not "Bogus" s
it claims.
I do have a workaround, however. I'm already doing an ob_start() at the top of
the script, and now before the
ending ob_end_flush() I replace the Set-Cookie header with a new one:
if (SID) header('Set-Cookie: '.SID.'; path=/', true);
After adding this, I no longer have the above problems in Firefox and IE.
Previous Comments:
------------------------------------------------------------------------
[2011-02-04 17:00:58] vdklah at hotmail dot com
I can not tell how much I disagree on this. Calling session_start() followed by
session_write_close() is a very valid way to avoid blocking multiple processes.
(See also here http://konrness.com/php5/how-to-prevent-blocking-php-requests/.)
This problem is huge since we are facing fatal crashing clients due to zillions
of duplicate PHPSESSID entries in one cookie. Our server is big and complicated
and so we are not willing to change anything in this area while all is already
taken in production. Totally stuck on this and I'm not happy. This is a very
obvious PHP bug that can be proven in 4 lines of code without any client
intervention.
------------------------------------------------------------------------
[2006-07-14 20:46:11] [email protected]
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php
Session is created every time you call session_start(). If you
want to avoid multiple cookie, write better code. Multiple
session_start() especially for the same names in the same
script seems like a really bad idea.
------------------------------------------------------------------------
[2006-07-14 10:23:58] m dot v dot veluw dot smscity at gmail dot com
Description:
------------
When using session_start() and session_write_close() with the same session
id/name will add multiple session cookies with the exact same contents
everytime session_start is used.
This is useless overhead if it is the same.
Reproduce code:
---------------
session_name('uniqueName1');
session_start();
$_SESSION['Foo1'] = 'Bar1';
session_write_close();
session_name('uniqueName2');
session_start();
$_SESSION['Foo2'] = 'Bar2';
session_write_close();
session_name('uniqueName1');
session_start();
$sessionValue = $_SESSION['Foo1'];
print $sessionValue;
session_write_close();
session_name('uniqueName2');
session_start();
$sessionValue = $_SESSION['Foo2'];
print $sessionValue;
session_write_close();
Expected result:
----------------
just 1 session cookie header for uniqueName1.
just 1 session cookie header for uniqueName2.
Actual result:
--------------
2 session cookie headers for uniqueName1, where both are exactly the same
2 session cookie headers for uniqueName2, where both are exactly the same
------------------------------------------------------------------------
--
Edit this bug report at https://bugs.php.net/bug.php?id=38104&edit=1
