ID: 16043
Updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Closed
Bug Type: Session related
Operating System: Windows XP
PHP Version: 4.1.2
New Comment:
Dumb question: What is the general policy of the PHP development team
on closing out bug reports?
This problem has been closed, yet the bug has not yet been resolved.
The latest release of PHP available to the public is still v4.1.2, and
that version still contains this bug. And do you really expect
everyone to understand CVS and to have the necessary compiler tools,
etc., to build their own executables and modules? Whereas Linux and
most forms of Unix come with cc/gcc /etc., Windows does not.
By closing the bug report, anyone who downloads v4.1.2 and finds the
same problem, and who then does what the PHP Bug site asks (searching
for open problems that match your own), they will NOT find a match (the
default setting on the search page is to look for 'Open' problems
only). This leads to new bug reports about the same problem, more
redundancy and repetition on the developers' part in replying, etc.
etc. Do I understand this correctly?
Would it not make more sense to leave this bug report 'Open' until the
issue has, in fact, been resolved in the latest released version of
PHP? Just a suggestion.
At this point, the PHP site's recommendation that "All PHP - Windows
users are encouraged to upgrade to the latest version" is, for anyone
doing session management, counterproductive. Yes, the security
implications are there, but session management is a key feature for
many PHP-based sites, and v4.1.2 COMPLETELY breaks session support.
This is not a minor bug. This is a MAJOR bug. And new users may end
up having an unnecessarily negative view of PHP, which would be
unfortunate for everyone.
Previous Comments:
------------------------------------------------------------------------
[2002-03-15 07:09:45] [EMAIL PROTECTED]
Isn't this important enough to make a new binary release for those
without MSVC or new users that probably will get very confused when
sessionmanagement isn't working.
Just an idea. I think that you will be loosing some new users
otherwise.
------------------------------------------------------------------------
[2002-03-14 21:15:08] [EMAIL PROTECTED]
Oops, this is fixed in CVS and will be fixed in 4.2.0 also.
------------------------------------------------------------------------
[2002-03-14 18:58:34] [EMAIL PROTECTED]
I can confirm this with w2ksp2 + apache 1.3.23
------------------------------------------------------------------------
[2002-03-14 15:58:47] [EMAIL PROTECTED]
Sample scripts to show symptoms.
The following script shows that NO session data is stored when you use
the new $_SESSION variables only as described in the PHP manual:
__________________________________________________
<html><head><title>Simple PHP Session Test</title></head>
<body>
Testing PHP Sessions...<p>
<?php
error_reporting(E_ALL);
session_start();
echo "Values at start of script:<br>";
foreach($_SESSION as $key => $value) {
echo "\$_SESSION['$key'] => '$value'<br>";
}
//Set/Increment Counter
if ( !array_key_exists('counter', $_SESSION) ) {
$_SESSION['counter'] = 0;
} else {
$_SESSION['counter']++;
}
echo "Values at end of script:<br>";
foreach($_SESSION as $key => $value) {
echo "\$_SESSION['$key'] => '$value'<br>";
}
?>
</body>
</html>
__________________________________________________
And the modified version of this script uses the older
$HTTP_SESSION_VARS variable along with session_register(), to show that
session_register() creates the initial instance of a session variable,
but no updates occur after that. This is the best I've been able to do
with sessions in 4.1.2, so it's pretty useless at this point.
__________________________________________________
<html><head><title>Simple PHP Session Test</title></head>
<body>
Testing PHP Sessions...<p>
<?php
error_reporting(E_ALL);
session_start();
echo "Values at start of script:<br>";
foreach($HTTP_SESSION_VARS as $key => $value) {
echo "\$HTTP_SESSION_VARS['$key'] => '$value'<br>";
}
//Set/Increment Counter
if ( !array_key_exists('counter', $HTTP_SESSION_VARS) ) {
$counter = 0;
session_register('counter');
} else {
$HTTP_SESSION_VARS['counter']++;
}
echo "Values at end of script:<br>";
foreach($HTTP_SESSION_VARS as $key => $value) {
echo "\$HTTP_SESSION_VARS['$key'] => '$value'<br>";
}
?>
</body>
</html>
__________________________________________________
P.S. For what it's worth, session files ARE created in the
session.save_path directory, but other than the latter script, the
files are always 0 bytes and completely empty. Hope this helps track
down the bug.
------------------------------------------------------------------------
[2002-03-14 14:37:56] [EMAIL PROTECTED]
Also applies to NT 4.0 (sp6a) both Module and CGI $_SESSION
and also $HTTP_SESSION_VARS are dead. From what I can tell
the sess files get created in tmp ok, however nothing ever
gets written to it.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/16043
--
Edit this bug report at http://bugs.php.net/?id=16043&edit=1
