ID: 25876
Comment by: mbi at euro-ip dot net
Reported By: golden at riscom dot com
Status: Feedback
Bug Type: Session related
Operating System: freebsd 4.8
PHP Version: 4.3.3
New Comment:
After the recompile of PHP 4.3.10 with a session.c of 4.3.9, the
problems seem to have disapeared. It's quite difficult to be sure,
because the problem only occured once in a while (and it all took of
about a week after the initial upgrade). Some other people, using our
services, affected by the problems, tell me that they are gone by now
(without setting a session handler via ini_set).
I'm quite aware there are some unfixed bugs in the session.c of 4.3.9,
but the other way was quite unacceptable for production usage.
Maybe somebody with better knowledge of the code should take a look at
the changes between 4.3.9 and 4.3.10 in "session.c".
We're using Apache 1.3.33 with PHP 4.3.10, mod_ssl 2.8.22 on FreeBSD
4.10-RELEASE-p3. The current configuration has been rock-solid for
months and besides some minor upgrades to Apache, PHP and some minor OS
fixes, nothing interesting happened to the systems in question.
We also noticed this on all of our frontend shared hosting servers.
Previous Comments:
------------------------------------------------------------------------
[2004-12-28 10:04:44] voyo+php at spider dot pl
problem appear few days ago, plenty of sites, most of them by
mod_rewrite. php 4.3.8dotdeb, apache 1.3.26 (debian packages). I dont
upgrade to 4.3.10, I dont touch anything !
error shows occasionally, not all the time.
Maybe this is caused by some worm activity?
------------------------------------------------------------------------
[2004-12-28 09:26:38] onno at triptic dot nl
our problems also started about 5 days after the upgrade
------------------------------------------------------------------------
[2004-12-27 18:44:50] bugs dot php dot net at spacedump dot pp dot se
I have the same problem and added 'php_admin_value session.save_handler
files' to a couple of virtualhosts in my apache configuration.
The problem seem to dissapear then.
(Of course since the child changes it settings to the ones in the
virtual host definition (i suppose))
(Maybe do some fancy thing that sets this to it's default value when
the child gets the request?)
------------------------------------------------------------------------
[2004-12-27 18:17:30] mbi at euro-ip dot net
I agree with mak123. We updated to PHP 4.3.10 on dec. 17, after the
news spread about the security issues in the serialize function.
Everything went without a problem, after about a week things started to
get itchy. Every now and then this damn error comes up. There has been
no notable change to the configuration of the affected machines in the
meantime.
At first, everything looked allright again, but after about an hour the
same damn error returned on all sites using file based sessions.
Looking at the changelog of 4.3.10 the following line comes to mind:
- Crash when using unknown/unsupported session.save_handler and/or
session.serialize_handler.
So, instead of figuring out what all the code in session.c is supposed
to do, I replaced this one with a 4.3.9 version and recompiled the
4.3.10 package.
This is running now for about 20 minutes on a heavily loaded machine,
until now, no problems (knock on wood).
If this fixes the problem, it seems clear to me that the alterations of
session.c caused it.
I will keep you informed.
------------------------------------------------------------------------
[2004-12-27 16:47:04] mak123 at poczta dot onet dot pl
strange - I face this problem about week after upgrading to php.4.3.10
(apache 1.3.33, rh.es.3). first few days without any error ...
meanwhile no updates, tripwire shows no changes in any system files...
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/25876
--
Edit this bug report at http://bugs.php.net/?id=25876&edit=1
