#27688 [Opn->Asn]: Session names consisting of only numbers cause session id generation

Mon, 29 Mar 2004 06:48:43 -0800 

 ID:               27688
 Updated by:       [EMAIL PROTECTED]
 Reported By:      ryan at daelibs dot com dot au
-Status:           Open
+Status:           Assigned
 Bug Type:         Session related
 Operating System: Redhat 9
 PHP Version:      5.0.0RC1
-Assigned To:      
+Assigned To:      amt
 New Comment:

This happens because PHP turns a numeric session name 

into an array index inside $_COOKIE and we're doing an 

zend_hash_find() instead of a zend_hash_index_find(). 

(ext/session/session.c, line 1098).



We can probably fix the bug by doing a 

zend_hash_index_find() instead if the session name 

successfully converts to a integer.




Previous Comments:
------------------------------------------------------------------------

[2004-03-29 04:53:03] unknown at simplemachines dot org

Here's a simple workaround:



<?php



// This name works.

//session_name('A9');



// This name doesn't...

session_name('99');



// Force the last session id, not the detected one.

session_id($_COOKIE[session_name()]);



session_start();



echo '

        Session Name: ', session_name(), '<br />

        Session ID: ', session_id(), '<br />

        Cookie: ', $_COOKIE[session_name()];



?>



Removing the session_id() line though, shows that the cookie is still
being properly set.



-[Unknown]

------------------------------------------------------------------------

[2004-03-25 10:23:02] [EMAIL PROTECTED]

Confirmed.

Is this really a doc issue?

------------------------------------------------------------------------

[2004-03-25 00:00:26] ryan at daelibs dot com dot au

Description:
------------
When you use a session name that has only numbers, each call to
session_start seems to regenerate a new session id, so the session does
not persist.



The code below can be loaded and refreshed to reproduce the behaviour



Reproduce code:
---------------
<?php



//This name works

//session_name('A9');



//This name doesn't

session_name('99');



session_start();



echo 'Session Name: '.session_name().'<br />';

echo 'Session Id: '.session_id().'<br />';

?>

Expected result:
----------------
Session Name: 99

Session Id: {{a sid that remains the same between each refresh }} 

Actual result:
--------------
Session Name: 99

Session Id: {{a different sid each refresh}} 


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=27688&edit=1

Reply via email to