ID: 45380
Comment by: jean-philippe dot goydadin at bsp dot ulaval dot ca
Reported By: jerome dot auge at anakeen dot com
Status: Open
Bug Type: Feature/Change Request
Operating System: Linux
PHP Version: 5.2.6
New Comment:
I've got the exact same problem, on my Linux/Apache/PHP Server AND my
windows/Apache/PHP server.
If you follow the documentation, a call to session_write_close(),
session_name('MyNewSession') and session_start() should be sufficient to
switch from one session to another, but it's not the case.
Description:
------------
I want to open a existing session, read data in it, close it and then
create a new session.
Reproduce code:
---------------
1) Call 'set_sess1.php' to set a session named 'sess1':
<?php
session_name('sess1');
session_start();
$session_id = session_id();
// Do some stuff in sess1
$_SESSION['sess1']='session1:'.$session_id;
// Print session content
echo 'Session 1:<br />';
print_r($_SESSION);
session_write_close();
?>
2) Try to access 'sess1' data first AND THEN to create 'sess2' in the
same script in 'view_sess1_create_sess2.php':
<?php
ob_start();
// session_name('sess1');
session_start();
// Do some stuff in sess1
$_SESSION['mydata'] = 'new update in sess1';
// Print session content
echo 'Session 1:<br />';
print_r($_SESSION);
// Save data into sess1
session_write_close();
// Create sess2
session_name('sess2');
session_start();
$session_id = session_id();
// Do some stuff in sess2
$_SESSION['sess2']='session2:'.$session_id;
$_SESSION['mydata'] = 'new update in sess2';
// Print session content
echo '<br /><br />Session 2:<br />';
print_r($_SESSION);
session_write_close();
ob_end_flush()
?>
Expected ouptut result:
-----------------------
Session 1:
Array ( [sess1] => session1:f0ed9cecd7a730784a9f6aed4c241887
[mydata] => new update in sess1 )
Session 2:
Array ( [sess2] => session1:db0c904dd716126ddfc8e3db30e1ddda
[mydata] => new update in sess2 )
Expected Set-Cookie header (SID different from sess1):
------------------------------------------------------
Set-Cookie: sess2=db0c904dd716126ddfc8e3db30e1ddda; path=/
Actual output result:
---------------------
Session 1:
Array ( [sess1] => session1:f0ed9cecd7a730784a9f6aed4c241887
[mydata] => new update in sess1 )
Session 2:
Array ( [sess1] => session1:f0ed9cecd7a730784a9f6aed4c241887
[mydata] => new update in sess2
[sess2] => session2:f0ed9cecd7a730784a9f6aed4c241887 )
Actual Set-Cookie header (same SID as sess1):
---------------------------------------------
Set-Cookie: sess2=f0ed9cecd7a730784a9f6aed4c241887; path=/
So php dosn't close sess1 properly, so the session still have the same
SID. The patch I found is to use session_regenerate_id(false) and some
patch:
Patched code:
-------------
<?php
session_name('sess1');
session_start();
// Do some stuff in sess1
$_SESSION['mydata'] = 'new update before creating sess2';
// Save data into sess1
session_write_close();
// Create sess2 with sess1 id without resending a Set-Cookie header
// Resending a Set-Cookie header would create a cookie
sess2=<sess1_id>
// Furthermore, if you don't do the session_start() here,
session_regenerate_id
// will have no effect
ini_set('session.use_cookies',0);
session_name('sess2');
session_start();
ini_set('session.use_cookies',1);
// Create a new genuine session id and do the actual
session_id($new_sess_id) silently,
// then send a cookie to the client with the new id
sess2=<new_sess2_id>
$old_sess_id = session_id();
session_regenerate_id(false);
$new_sess_id = session_id();
echo '<br />old : ' . $old_sess_id;
echo '<br />new : ' . $new_sess_id;
?>
Previous Comments:
------------------------------------------------------------------------
[2008-12-17 08:20:35] vijaybabur at mobiusservices dot in
I also facing the same problem (Different sessions in one page).
------------------------------------------------------------------------
[2008-11-17 09:14:44] ritenvs1987 at yahoo dot com
I am facing the same problem, cannot access sessions with different
names on the same page.
------------------------------------------------------------------------
[2008-11-13 16:45:27] jd at jdfitzgerald dot net
The problem I'm having is actually bug #45270, which the powers that be
have decided to mark as bogus related to this one. I hope it doesn't
fall by the wayside due to this (poor?) decision.
The work-around I've found is to ini_set('session.use_cookies',0) after
the first session_start. This will stop any further set-cookie headers
being sent after the first one, with no ill effects that I've noticed.
------------------------------------------------------------------------
[2008-07-11 15:57:36] [email protected]
See also bug #45270
------------------------------------------------------------------------
[2008-06-27 17:25:36] jerome dot auge at anakeen dot com
Description:
------------
I want to access two distinct sessions content, but I only get access
to
the first session, and the second session_name/session_start does not
change the content of the $_SESSION variable which remains the same as
the first one.
After investigation, when switching session with a call to
session_name('another_session')+session_start(), the session ID from
the
first session_start() is re-used, and the sess ID from the new session
name 'another_session' is not used.
Reproduce code:
---------------
1) Call 'set_sess1.php' to set a session named 'sess1':
<?php
session_name('sess1');
session_start();
$session_id = session_id();
$cookie = $_COOKIE['sess1'];
$_SESSION['sess1']='session1:'.$session_id;
print "cookie = ".$cookie."\n";
print "session_id = ".$session_id."\n";
print "_SESSION = ".$_SESSION['sess1']."\n";
session_write_close();
?>
2) Call 'set_sess2.php' to set a session named 'sess2':
<?php
session_name('sess2');
session_start();
$session_id = session_id();
$cookie = $_COOKIE['sess2'];
$_SESSION['sess2']='session2:'.$session_id;
print "cookie = ".$cookie."\n";
print "session_id = ".$session_id."\n";
print "_SESSION = ".$_SESSION['sess2']."\n";
session_write_close();
?>
3) Try to access both session variables in 'get_sess.php':
<?php
session_name('sess1');
session_start();
$sess1 = $_SESSION['sess1'];
session_write_close();
session_name('sess2');
session_start();
$sess2 = $_SESSION['sess2'];
session_write_close();
foreach ($_COOKIE as $k => $v) {
print "_COOKIE[$k] = $v\n";
}
print "sess1 = $sess1\n";
print "sess2 = $sess2\n";
?>
Expected result:
----------------
In 'get_sess.php', I expect to get access to the content of the 'sess2'
session by issuing a new session_name('sess2')+session_start(), but the
content of _SESSION remains the one from 'sess1'.
Expected output from 'get_sess.php':
_COOKIE[sess1] = n0f57lap2oabeqvfc6t6c0ap60
_COOKIE[sess2] = b4s2sr976f4qrbkimfh0i6kqm0
sess1 = session1:n0f57lap2oabeqvfc6t6c0ap60
sess2 = session2:b4s2sr976f4qrbkimfh0i6kqm0
Actual result:
--------------
Actuel output from 'get_sess.php':
_COOKIE[sess1] = 2ot2t22ccq0t9de2edhgcrh4h4
_COOKIE[sess2] = rt8jr3e6esvmp88id0e4o05091
sess1 = session1:2ot2t22ccq0t9de2edhgcrh4h4
sess2 =
The script also issue a "Set-Cookie: sess2=<value_from_sess1>", and I
end up with the cookies 'sess1' and 'sess2' having the same ID.
I got around it by setting the session ID manually with
session_id($_COOKIE['new_session']), after calling
session_name('new_session') and before session_start()... but I was
expecting PHP to handle this automatically...
So here is a proposal patch to de-allocate PS(id) when calling
session_write_close(), in order to force session_start() to lookup the
session ID from the session name:
--8<--
--- php-5.2.6.orig/ext/session/session.c 2008-04-29
16:42:38.000000000 +0200
+++ php-5.2.6/ext/session/session.c 2008-06-27 18:29:05.000000000
+0200
@@ -933,6 +933,11 @@
if (PS(mod_data))
PS(mod)->s_close(&PS(mod_data) TSRMLS_CC);
+
+ if (PS(id)) {
+ efree(PS(id));
+ PS(id) = NULL;
+ }
}
static char *month_names[] = {
-->8--
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=45380&edit=1
