ID: 43579
User updated by: assid at assid dot com
Reported By: assid at assid dot com
-Status: Feedback
+Status: Open
Bug Type: Session related
Operating System: Debian etch
PHP Version: 5.2.5
New Comment:
Yes the assid.com domain has the following in the vhost
php_admin_value open_basedir /home/assid:/var/shared:/var/stats:/tmp
The other vhosts on the server have similar as well.
The other domain: equineindia.com (that uses the login/logout
function), has the following:
php_admin_value session.gc_maxlifetime 10800
php_admin_value asp_tags 1
php_admin_value max_execution_time 90
php_admin_value session.name eisessid
php_admin_value session.auto_start 1
php_admin_value session.cookie_domain .equineindia.com
php_admin_value short_open_tag 1
What i did notice, is that if you want to "trigger" the bug, you
refresh a few times on assid.com/session.php, then go to
http://www.equineindia.com/login.php and then click login again, then go
back to the counter (assid.com/session.php) this somehow makes the bug
"easier" to reproduce. Atleast when running valgrind.
When running generally, you just keep refreshing and the bug is
triggered.
Previous Comments:
------------------------------------------------------------------------
[2008-03-13 13:27:55] [EMAIL PROTECTED]
Are you by any chance using php_admin_value/php_value/etc. in some
.htaccess file or in your httpd.conf to set any php.ini options?
------------------------------------------------------------------------
[2008-03-08 20:31:41] assid at assid dot com
Actually my original log did contain that.
Nevertheless, here you go again
i ran 2 rounds
www.assid.com/apache.log
www.assid.com/apache5.log
Hope its helpful. Back to php 5.2.4 for now :|
------------------------------------------------------------------------
[2008-03-03 23:18:41] [EMAIL PROTECTED]
While doing valgrind I'd also recommend setting USE_ZEND_ALLOC=0 in the
environment. That would make the engine use only mallocs which would
provide much more information to the valgrind.
------------------------------------------------------------------------
[2008-03-03 17:32:34] assid at assid dot com
Yes, I reversed it back, but it didnt help (seeing the diff in the
patch).
------------------------------------------------------------------------
[2008-03-03 17:31:32] assid at assid dot com
It seems whenever I run http://assid.com/session.php (source -
http://assid.com/session.phps), if i refresh enough number of times and
at odd times, i end up with a new session of PHPSESSID (it also jumps
back and forth). I am trying to figure out WHY its starting that
session, when the script EXPLICITLY has a session name set to
spheretest
Maybe that can help us pinpoint what to check?
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/43579
--
Edit this bug report at http://bugs.php.net/?id=43579&edit=1
