Edit report at https://bugs.php.net/bug.php?id=38104&edit=1
ID: 38104
Comment by: jonathan at doubledotmedia dot com
Reported by: m dot v dot veluw dot smscity at gmail dot com
Summary: session_start()/session_write_close() creates
multiple session cookies headers
Status: Not a bug
Type: Bug
Package: Session related
Operating System: any
PHP Version: 5.1.4
Block user comment: N
Private report: N
New Comment:
I am encountering the same issue at the moment on a codebase I am working on;
the
issue we are seeing is that we make many simultaneous AJAX requests, but they
block each other because only one can hold the session open at a time.
We are currently working around it by using multiple session_start() and
session_write_close() functions, but this is sending multiple (identical) Set-
Cookie headers to the client, which is incorrect.
Either session_start needs to not send duplicate headers, or we need a
session_reopen() function
Previous Comments:
------------------------------------------------------------------------
[2012-11-17 02:22:55] denis_truffaut at hotmail dot com
I agree with all previous comments.
Multiple AJAX long running processes, like AJAXed HTML 5 photo multi uploading
(to be very concrete) require intensive session_write_close, and may need to
restart session.
So if i had to upload 150 photos in the same time, i will perform 150
session_start / session_write_close / long running process / session_start /
session_write_close /... etc
This behavior should not lead to crash the browser.
session_start is expected to reopen the session, or please provide a function
to
reopen the session in write mode (with all locks and wait times it involves).
------------------------------------------------------------------------
[2012-09-26 00:13:58] chris at ctgameinfo dot com
According to rfc6265 it definitely is a bug
"Servers SHOULD NOT include more than one Set-Cookie header field in the same
response with the same cookie-name."
------------------------------------------------------------------------
[2012-05-08 17:02:13] andries dot malan at gmail dot com
I believe the problem is a missing PHP capability for session handling,without
which no efficient solution is possible for this problem.
In addition to session_start() and session_write_close(), PHP should have a
session_write_reopen() function.
This would solve several problems cleanly.
It will allow for those that want fine-grained control over the transaction
handling/demarcation when accessing session variables, without imposing any
additional complications on those that just want the default session handling
behavior.
for example:
at the top of all pages you start your session with:
session_start(); session_write_close(); //no further blocking
//.. rest of long running script execution
//now we only block for tiny fraction of time while manipulating session vars
startSessionTransaction();
$x = $_SESSION['x'];
$x++;
$_SESSION['x] = $x;
endSessionTransaction();
//now we stop block
//... script can continue running tedious operations without blocking others on
session access
//...
and the user would then implement these
function startSessionTransaction()
{
session_write_reopen();
}
function endSessionTransaction()
{
session_write_close();
}
Now you can only let your session handling part of your script block for the
tiny parts when a session variable is manipulated, without
having to completely restart sessions, because restarting sessions later in
your
script creates several additional problems as noted - such as creating
duplicate
session cookies, and just as annoying, force you to turn on output buffering
for
your entire script, since you cannot start (or restart) session's once any
output has been sent to the browser.
This is the solution required. This is what is missing in PHP session
functionality. IMNSHO
------------------------------------------------------------------------
[2011-11-20 05:22:52] danielc at analysisandsolutions dot com
See also https://bugs.php.net/bug.php?id=31455
------------------------------------------------------------------------
[2011-11-09 18:34:52] rfunk at funknet dot net
I just ran into this bug in PHP 5.3.5 when working with a script that does lots
of
session_start()/session_write_close() in a long-running task, so that separate
requests can still access the
session during that long task. (Specifically those separate requests are
checking the progress of the long
task.)
The resulting absurdly redundant Set-Cookie header caused Firefox 7 to lock up
for a few seconds, and caused IE8
to give its infamously useless "Internet Explorer cannot display the webpage"
page. So this bug is not "Bogus" s
it claims.
I do have a workaround, however. I'm already doing an ob_start() at the top of
the script, and now before the
ending ob_end_flush() I replace the Set-Cookie header with a new one:
if (SID) header('Set-Cookie: '.SID.'; path=/', true);
After adding this, I no longer have the above problems in Firefox and IE.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
https://bugs.php.net/bug.php?id=38104
--
Edit this bug report at https://bugs.php.net/bug.php?id=38104&edit=1
