ID: 25934
User updated by: php at webfreezer dot com
Reported By: php at webfreezer dot com
-Status: Feedback
+Status: Open
Bug Type: Session related
Operating System: SuSe Linux 8.1
PHP Version: 4.3.3
New Comment:
This is an excerpt of ini_get_all vardumpīed:
[session.auto_start] array(3) => {
[global_value] string(1) => "0"
[local_value] string(1) => "0"
[access] int(7) =>
}
[session.bug_compat_42] array(3) => {
[global_value] string(1) => "1"
[local_value] string(1) => "1"
[access] int(7) =>
}
[session.bug_compat_warn] array(3) => {
[global_value] string(1) => "1"
[local_value] string(1) => "1"
[access] int(7) =>
}
[session.cache_expire] array(3) => {
[global_value] string(2) => "60"
[local_value] string(3) => "180"
[access] int(7) =>
}
[session.cache_limiter] array(3) => {
[global_value] string(7) => "nocache"
[local_value] string(7) => "nocache"
[access] int(7) =>
}
[session.cookie_domain] array(3) => {
[global_value] string(0) => ""
[local_value] string(0) => ""
[access] int(7) =>
}
[session.cookie_lifetime] array(3) => {
[global_value] string(1) => "0"
[local_value] string(1) => "0"
[access] int(7) =>
}
[session.cookie_path] array(3) => {
[global_value] string(1) => "/"
[local_value] string(1) => "/"
[access] int(7) =>
}
[session.cookie_secure] array(3) => {
[global_value] string(0) => ""
[local_value] string(0) => ""
[access] int(7) =>
}
[session.entropy_file] array(3) => {
[global_value] string(0) => ""
[local_value] string(0) => ""
[access] int(7) =>
}
[session.entropy_length] array(3) => {
[global_value] string(1) => "0"
[local_value] string(1) => "0"
[access] int(7) =>
}
[session.gc_divisor] array(3) => {
[global_value] string(3) => "100"
[local_value] string(3) => "100"
[access] int(7) =>
}
[session.gc_maxlifetime] array(3) => {
[global_value] string(4) => "1440"
[local_value] string(4) => "1440"
[access] int(7) =>
}
[session.gc_probability] array(3) => {
[global_value] string(1) => "1"
[local_value] string(1) => "1"
[access] int(7) =>
}
[session.name] array(3) => {
[global_value] string(9) => "PHPSESSID"
[local_value] string(9) => "sessionID"
[access] int(7) =>
}
[session.referer_check] array(3) => {
[global_value] string(0) => ""
[local_value] string(1) => "0"
[access] int(7) =>
}
[session.save_handler] array(3) => {
[global_value] string(5) => "files"
[local_value] string(5) => "files"
[access] int(7) =>
}
[session.save_path] array(3) => {
[global_value] string(4) => "/tmp"
[local_value] string(44) => "/var/www/DOMAINNAME/temp/sessions"
[access] int(7) =>
}
[session.serialize_handler] array(3) => {
[global_value] string(3) => "php"
[local_value] string(3) => "php"
[access] int(7) =>
}
[session.use_cookies] array(3) => {
[global_value] string(1) => "1"
[local_value] string(1) => "0"
[access] int(7) =>
}
[session.use_only_cookies] array(3) => {
[global_value] string(1) => "0"
[local_value] string(1) => "0"
[access] int(7) =>
}
[session.use_trans_sid] array(3) => {
[global_value] string(1) => "0"
[local_value] string(1) => "0"
[access] int(6) =>
}
Previous Comments:
------------------------------------------------------------------------
[2003-10-29 19:58:00] [EMAIL PROTECTED]
Could you please show all your session related INI values after any
ini_set() or session_set_cookie_params() that your script normally
makes.
------------------------------------------------------------------------
[2003-10-22 06:01:14] php at webfreezer dot com
Sorry, ini_set("session.name", "sessionID") is called before, NOT
ini_set("session-name"...
------------------------------------------------------------------------
[2003-10-22 05:59:38] php at webfreezer dot com
I donīt access the sessionID in the scripts directly via any $_GET or
$_POST. I only use PHPīs session_id() and session_name() functions
throughout the scripts.
After testing the current PHP snap there has been no change in the
behavior so I changed the version back to 4.3.3.
However I tried something different.
I appended &PHPSESSID={SESSIONID} to the URL so that it now looks like
"file.php?sessionID={SESSIONID}&PHPSESSID={SESSIONID}" when such a
session "loss" occured and it works!
As I stated before the session file exists and contains the correct
data so the session is kind of restored that way.
ini_get("session.name") however correctly returns "sessionID" on the
same page and ini_set("session-name", "sessionID") is of course called
prior to session_start().
So it seems as if PHP does not always correctly use the settings and
falls back to standard values.
Might ini_set values also be "remembered" by Apache processes as stated
in bug bug #25753?
I donīt know why it didnīt work some time ago when changing the session
name to PHPSESSID did not work, but since then the code has been
changed since then that might have been another problem.
------------------------------------------------------------------------
[2003-10-22 04:49:53] [EMAIL PROTECTED]
Are you accessing the session ID via globals or do you use $_GET, etc.?
This might be same issue as bug #25753 is about.
------------------------------------------------------------------------
[2003-10-21 08:37:47] php at webfreezer dot com
Description:
------------
PHP sometimes does not want to use the sessionID given via GET! This
happens only on some occasions however it is reproducible on such a
certain page. I regret that I cannot post a short code snippet because
it simply does not happen when testing with a short code snippet.
What happens is the following:
- the SID is used as a GET parameter (this works on every other page!)
- $sidname=session_name(); echo $_GET[$sidname] outputs the correct SID
visible in the URL (e.g.
"/search.php?page=2&qid=1&sessionID=1291bfd78301f151803ca632cd41f626")
- however echo session_id() outputs a totally different SID!
- both (old and new) SID files exist and are readable
session.auto_start=0
session.use_cookies=0
session.use_only_cookies=0
session.referer_check=0
I even implemented my own session handler and it appears that PHP does
not even call the OPEN function for the "old" SID that it no longer
wants to use.
I also tried to use the generic PHPSESSID name instead of the custom
"sessionID" by not setting the custom name, but the problem still
exists.
This is my configure line:
'./configure' '--with-apache=../apache_1.3.28'
'--with-mhash=/usr/local/lib' '--with-zlib-dir=/usr/local/lib'
'--with-zip=/usr/local/lib' '--enable-memory-limit'
'--enable-versioning' '--with-gd' '--enable-exif'
'--with-config-file-path=/etc' '--enable-magic-quotes'
'--enable-thread-safety' '--with-gettext' '--with-xml' '--with-mcrypt'
'--enable-calendar' '--enable-bcmath' '--with-curl'
'--with-curlwrappers' '--enable-ftp' '--enable-wddx'
'--with-jpeg-dir=/usr/lib'
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=25934&edit=1
