Bug #65475 [Asn]: wrong session cookie is generated on session.use_strict_mode

Tue, 20 Aug 2013 14:50:45 -0700 

Edit report at https://bugs.php.net/bug.php?id=65475&edit=1

 ID:                 65475
 Updated by:         yohg...@php.net
 Reported by:        php at tokumaru dot org
 Summary:            wrong session cookie is generated on
                     session.use_strict_mode
 Status:             Assigned
 Type:               Bug
 Package:            Session related
 Operating System:   Ubuntu
 PHP Version:        5.5.2
 Assigned To:        yohgaki
 Block user comment: N
 Private report:     N

 New Comment:

Fix for files save handler. I'll prepare fix for other save handlers if there 
is 
problem before 5.5.3 if it's possible.

diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c
index e5733b4..004d9d4 100644
--- a/ext/session/mod_files.c
+++ b/ext/session/mod_files.c
@@ -338,13 +338,13 @@ PS_READ_FUNC(files)
                if (!PS(id)) {
                        return FAILURE;
                }
-               php_session_reset_id(TSRMLS_C);
                if (PS(use_cookies)) {
                        PS(send_cookie) = 1;
                }
+               php_session_reset_id(TSRMLS_C);
        }
 
-       ps_files_open(data, key TSRMLS_CC);
+       ps_files_open(data, PS(id) TSRMLS_CC);
        if (data->fd < 0) {
                return FAILURE;
        }


Previous Comments:
------------------------------------------------------------------------
[2013-08-20 20:53:08] yohg...@php.net

It is passing uninitialized PS(id). I'll look into what's wrong.

------------------------------------------------------------------------
[2013-08-20 00:54:13] william dot a dot bartlett at gmail dot com

Could not reproduce using Fedora 19 PHP 5.5.1 - possible regression.

------------------------------------------------------------------------
[2013-08-19 03:17:03] php at tokumaru dot org

Description:
------------
In the case of session.use_strict_mode = On, a wrong session cookie is 
generated.

Test script:
---------------
<?php
  session_start();
  $_SESSION['msg'] = 'hello';
  echo 'session_id: ' . session_id();

Expected result:
----------------
A valid session cookie is generated.


Actual result:
--------------
A wrong session cookie is generated.

The HTTP Response (Summary):

HTTP/1.1 200 OK
Set-Cookie: PHPSESSID=de3vsil36bfs3829rhnspq0oo7; path=/
Content-Length: 38
Content-Type: text/html

session_id: ocjalnfd088dd90eppb1hr14h3


The Session File:

$ sudo cat /tmp/sess_ocjalnfd088dd90eppb1hr14h3
msg|s:5:"hello";


------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=65475&edit=1

Reply via email to