[PHP-DOC] #27688 [Bgs->Opn]: Session names consisting of only numbers cause session id generation

sniper Fri, 29 Jul 2005 09:31:11 -0700

 ID:               27688
 Updated by:       [EMAIL PROTECTED]
 Reported By:      ryan at daelibs dot com dot au
-Status:           Bogus
+Status:           Open
-Bug Type:         Session related
+Bug Type:         Documentation problem
 Operating System: *
 PHP Version:      5CVS, 4CVS (2005-01-10)
 Assigned To:      amt
 New Comment:


There should be a big fat warning about this in the manual.



Previous Comments:
------------------------------------------------------------------------

[2005-07-29 18:29:48] [EMAIL PROTECTED]

Session name can NOT be a plain number. 
No checks will be added since that'd make the code slower for no real
gain.


------------------------------------------------------------------------

[2004-03-29 09:39:15] [EMAIL PROTECTED]

This happens because PHP turns a numeric session name 
into an array index inside $_COOKIE and we're doing an 
zend_hash_find() instead of a zend_hash_index_find(). 
(ext/session/session.c, line 1098).

We can probably fix the bug by doing a 
zend_hash_index_find() instead if the session name 
successfully converts to a integer.


------------------------------------------------------------------------

[2004-03-29 04:53:03] unknown at simplemachines dot org

Here's a simple workaround:

<?php

// This name works.
//session_name('A9');

// This name doesn't...
session_name('99');

// Force the last session id, not the detected one.
session_id($_COOKIE[session_name()]);

session_start();

echo '
        Session Name: ', session_name(), '<br />
        Session ID: ', session_id(), '<br />
        Cookie: ', $_COOKIE[session_name()];

?>

Removing the session_id() line though, shows that the cookie is still
being properly set.

-[Unknown]

------------------------------------------------------------------------

[2004-03-25 00:00:26] ryan at daelibs dot com dot au

Description:
------------
When you use a session name that has only numbers, each call to
session_start seems to regenerate a new session id, so the session does
not persist.

The code below can be loaded and refreshed to reproduce the behaviour


Reproduce code:
---------------
<?php

//This name works
//session_name('A9');

//This name doesn't
session_name('99');

session_start();

echo 'Session Name: '.session_name().'<br />';
echo 'Session Id: '.session_id().'<br />';
?>

Expected result:
----------------
Session Name: 99
Session Id: {{a sid that remains the same between each refresh }} 

Actual result:
--------------
Session Name: 99
Session Id: {{a different sid each refresh}} 


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=27688&edit=1

[PHP-DOC] #27688 [Bgs->Opn]: Session names consisting of only numbers cause session id generation

Reply via email to