ID: 16043 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Status: Closed Bug Type: Session related Operating System: Windows XP PHP Version: 4.1.2 New Comment:
Dumb question: What is the general policy of the PHP development team on closing out bug reports? This problem has been closed, yet the bug has not yet been resolved. The latest release of PHP available to the public is still v4.1.2, and that version still contains this bug. And do you really expect everyone to understand CVS and to have the necessary compiler tools, etc., to build their own executables and modules? Whereas Linux and most forms of Unix come with cc/gcc /etc., Windows does not. By closing the bug report, anyone who downloads v4.1.2 and finds the same problem, and who then does what the PHP Bug site asks (searching for open problems that match your own), they will NOT find a match (the default setting on the search page is to look for 'Open' problems only). This leads to new bug reports about the same problem, more redundancy and repetition on the developers' part in replying, etc. etc. Do I understand this correctly? Would it not make more sense to leave this bug report 'Open' until the issue has, in fact, been resolved in the latest released version of PHP? Just a suggestion. At this point, the PHP site's recommendation that "All PHP - Windows users are encouraged to upgrade to the latest version" is, for anyone doing session management, counterproductive. Yes, the security implications are there, but session management is a key feature for many PHP-based sites, and v4.1.2 COMPLETELY breaks session support. This is not a minor bug. This is a MAJOR bug. And new users may end up having an unnecessarily negative view of PHP, which would be unfortunate for everyone. Previous Comments: ------------------------------------------------------------------------ [2002-03-15 07:09:45] [EMAIL PROTECTED] Isn't this important enough to make a new binary release for those without MSVC or new users that probably will get very confused when sessionmanagement isn't working. Just an idea. I think that you will be loosing some new users otherwise. ------------------------------------------------------------------------ [2002-03-14 21:15:08] [EMAIL PROTECTED] Oops, this is fixed in CVS and will be fixed in 4.2.0 also. ------------------------------------------------------------------------ [2002-03-14 18:58:34] [EMAIL PROTECTED] I can confirm this with w2ksp2 + apache 1.3.23 ------------------------------------------------------------------------ [2002-03-14 15:58:47] [EMAIL PROTECTED] Sample scripts to show symptoms. The following script shows that NO session data is stored when you use the new $_SESSION variables only as described in the PHP manual: __________________________________________________ <html><head><title>Simple PHP Session Test</title></head> <body> Testing PHP Sessions...<p> <?php error_reporting(E_ALL); session_start(); echo "Values at start of script:<br>"; foreach($_SESSION as $key => $value) { echo "\$_SESSION['$key'] => '$value'<br>"; } //Set/Increment Counter if ( !array_key_exists('counter', $_SESSION) ) { $_SESSION['counter'] = 0; } else { $_SESSION['counter']++; } echo "Values at end of script:<br>"; foreach($_SESSION as $key => $value) { echo "\$_SESSION['$key'] => '$value'<br>"; } ?> </body> </html> __________________________________________________ And the modified version of this script uses the older $HTTP_SESSION_VARS variable along with session_register(), to show that session_register() creates the initial instance of a session variable, but no updates occur after that. This is the best I've been able to do with sessions in 4.1.2, so it's pretty useless at this point. __________________________________________________ <html><head><title>Simple PHP Session Test</title></head> <body> Testing PHP Sessions...<p> <?php error_reporting(E_ALL); session_start(); echo "Values at start of script:<br>"; foreach($HTTP_SESSION_VARS as $key => $value) { echo "\$HTTP_SESSION_VARS['$key'] => '$value'<br>"; } //Set/Increment Counter if ( !array_key_exists('counter', $HTTP_SESSION_VARS) ) { $counter = 0; session_register('counter'); } else { $HTTP_SESSION_VARS['counter']++; } echo "Values at end of script:<br>"; foreach($HTTP_SESSION_VARS as $key => $value) { echo "\$HTTP_SESSION_VARS['$key'] => '$value'<br>"; } ?> </body> </html> __________________________________________________ P.S. For what it's worth, session files ARE created in the session.save_path directory, but other than the latter script, the files are always 0 bytes and completely empty. Hope this helps track down the bug. ------------------------------------------------------------------------ [2002-03-14 14:37:56] [EMAIL PROTECTED] Also applies to NT 4.0 (sp6a) both Module and CGI $_SESSION and also $HTTP_SESSION_VARS are dead. From what I can tell the sess files get created in tmp ok, however nothing ever gets written to it. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/16043 -- Edit this bug report at http://bugs.php.net/?id=16043&edit=1