i have found a great problem (but small fix) with the generation of
sessions when register_globals=off. this is also described in bug #8772.
this bug is in 4.0.4 and 4.0.4pl1, but i have not checked the lastest cvs.

the problem in ext/session/session.c is, that the session data of a new
session is never written to disk, because http_session_vars is null when
calling php_session_save_current_state().

my research shows the following:
- http_session_vars is inititialized in function php_session_track_init()
- php_session_track_init() is only called from php_session_decode()
- php_session_decode() is used if you call session_decode() or in
php_session_inititialize() but only if PS(mod)->read() return SUCCESS.
this condition is not true if we have generated a new session, so the
function php_session_track_init() is never called.

my proposed patch is

--- session.orig.c      Mon Jan 29 19:13:27 2001
+++ session.c   Mon Jan 29 19:17:16 2001
@@ -583,6 +583,8 @@
        if (PS(mod)->read(&PS(mod_data), PS(id), &val, &vallen) ==
                php_session_decode(val, vallen PSLS_CC);
+       } else {
+         php_session_track_init();

regards marc

Marc Pohl
WWF Wort + Ton GmbH
Bereich e-media

Tel. 0221 6900 112
Fax. 0221 6900 150

PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to