ID: 23354
Comment by: gary at akos dot net
Reported By: bill dot macallister at prideindustries dot com
Status: Closed
Bug Type: Session related
Operating System: Linux 2.4.18-27.7.xsmp
PHP Version: 4-STABLE-200304281330
New Comment:
This problem still exists in the release
version of 4.3.2 put up recently. I cant
test without register_globals on but it
seeems that *not* using session_register(),
(ie working directly with $_SESSION) will
cause desync of the $_SESSION object. I am
using only the stock php session handler.
Previous Comments:
------------------------------------------------------------------------
[2003-05-28 15:48:35] downsize at edwardsconsultants dot com
I have been able to reproduce a SESSION (I believe to be the same bug)
error with the following test case:
using a GET request (example: $_GET['some_name'], setup any variable
assigning it some value (I tested string, array, and int) then
serialize the variables into the SESSION. Submit a form and I loose
the Session vars. sample code:
if(isset($_GET['some_var'])){
//..validate some_var
//..I used it to query a db and now I have some data
$some_data = "test";
$data_array = array("some_data" => $some_data);
$test_int = 6510864;
$_SESSION['test1'] = serialize($some_data);
$_SESSION['test2'] = serialize($data_array);
$_SESSION['test3'] = $test_int; //no serialize necessary
echo '<form method="post" action="somefile.php">
<input type="submit" name="testing" value="testing">
</form>';
}
if you were to use that code with phpv4.3.1 in a page that you arrived
at from a GET request, then submit a POST to another page, var_dump the
$_SESSION to find it empty.
I changed my GET request to POST (not what I wanted to do since I have
to setup a form with buttons as opposed to href's) and I successfully
retain my SESSION vars.
In both cases I use the variable *before* I register it.
later,
downsize
------------------------------------------------------------------------
[2003-05-23 11:23:24] bill dot macallister at prideindustries dot com
While the test case that caused this failure was solved with RC4 we are
stilling seeing an intermittent problem with session information
disappearing. Unfortunately we cannot reproduce the problem at will
and see it once or twice is several hundred accesses to this
application. We are working on getting more details, but at this point
that looks like a slow process. I just wanted to let you know in case
you notice something that might be causing this.
Thanks again for you efforts,
Bill
------------------------------------------------------------------------
[2003-05-18 11:50:28] [EMAIL PROTECTED]
Fix will be in PHP 4.3.2.
------------------------------------------------------------------------
[2003-05-17 17:40:06] bill dot macallister at prideindustries dot com
Looks like that fixed the problem. Initial tests are good.
Thanks a lot,
Bill
------------------------------------------------------------------------
[2003-05-15 13:19:28] [EMAIL PROTECTED]
Please try using this CVS snapshot:
http://snaps.php.net/php4-STABLE-latest.tar.gz
For Windows:
http://snaps.php.net/win32/php4-win32-STABLE-latest.zip
This might be fixed now.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/23354
--
Edit this bug report at http://bugs.php.net/?id=23354&edit=1
