#45380 [Com]: [PATCH] Access multiple sessions in a request

Tue, 21 Apr 2009 07:33:12 -0700 

 ID:               45380
 Comment by:       jean-philippe dot goydadin at bsp dot ulaval dot ca
 Reported By:      jerome dot auge at anakeen dot com
 Status:           Open
 Bug Type:         Feature/Change Request
 Operating System: Linux
 PHP Version:      5.2.6
 New Comment:

There is a mistake in my Expected ouptut result:
You should read session2 in the second array:
[sess2] => session2:db0c904dd716126ddfc8e3db30e1ddda
                  -

Thanks,
JP


Previous Comments:
------------------------------------------------------------------------

[2009-04-21 14:28:59] jean-philippe dot goydadin at bsp dot ulaval dot
ca

I've got the exact same problem, on my Linux/Apache/PHP Server AND my
windows/Apache/PHP server.

If you follow the documentation, a call to session_write_close(),
session_name('MyNewSession') and session_start() should be sufficient to
switch from one session to another, but it's not the case.

Description:
------------
I want to open a existing session, read data in it, close it and then
create a new session.

Reproduce code:
---------------
1) Call 'set_sess1.php' to set a session named 'sess1':

<?php
session_name('sess1');
session_start();
$session_id = session_id();
// Do some stuff in sess1
$_SESSION['sess1']='session1:'.$session_id;
// Print session content
echo 'Session 1:<br />';
print_r($_SESSION);
session_write_close();
?>

2) Try to access 'sess1' data first AND THEN to create 'sess2' in the
same script in 'view_sess1_create_sess2.php':
<?php
ob_start();

// session_name('sess1');
session_start();
// Do some stuff in sess1
$_SESSION['mydata'] = 'new update in sess1';
// Print session content
echo 'Session 1:<br />';
print_r($_SESSION);
// Save data into sess1
session_write_close();


// Create sess2
session_name('sess2');
session_start();
$session_id = session_id();
// Do some stuff in sess2
$_SESSION['sess2']='session2:'.$session_id;
$_SESSION['mydata'] = 'new update in sess2';
// Print session content
echo '<br /><br />Session 2:<br />';
print_r($_SESSION);
session_write_close();

ob_end_flush() 
?>

Expected ouptut result:
-----------------------
Session 1:
Array ( [sess1] => session1:f0ed9cecd7a730784a9f6aed4c241887 
        [mydata] => new update in sess1 )

Session 2:
Array ( [sess2] => session1:db0c904dd716126ddfc8e3db30e1ddda
        [mydata] => new update in sess2 ) 

Expected Set-Cookie header (SID different from sess1):
------------------------------------------------------
Set-Cookie: sess2=db0c904dd716126ddfc8e3db30e1ddda; path=/


Actual output result:
---------------------
Session 1:
Array ( [sess1] => session1:f0ed9cecd7a730784a9f6aed4c241887 
        [mydata] => new update in sess1 )

Session 2:
Array ( [sess1] => session1:f0ed9cecd7a730784a9f6aed4c241887 
        [mydata] => new update in sess2 
        [sess2] => session2:f0ed9cecd7a730784a9f6aed4c241887 ) 

Actual Set-Cookie header (same SID as sess1):
---------------------------------------------
Set-Cookie: sess2=f0ed9cecd7a730784a9f6aed4c241887; path=/

So php dosn't close sess1 properly, so the session still have the same
SID. The patch I found is to use session_regenerate_id(false) and some
patch:
Patched code:
-------------
<?php
session_name('sess1');
session_start();
// Do some stuff in sess1
$_SESSION['mydata'] = 'new update before creating sess2';
// Save data into sess1
session_write_close();

// Create sess2 with sess1 id without resending a Set-Cookie header
// Resending a Set-Cookie header would create a cookie
sess2=<sess1_id>
// Furthermore, if you don't do the session_start() here,
session_regenerate_id 
// will have no effect
ini_set('session.use_cookies',0);
session_name('sess2');
session_start();
ini_set('session.use_cookies',1);

// Create a new genuine session id and do the actual
session_id($new_sess_id) silently, 
// then send a cookie to the client with the new id
sess2=<new_sess2_id>
$old_sess_id = session_id();
session_regenerate_id(false);
$new_sess_id = session_id();

echo '<br />old : ' . $old_sess_id;
echo '<br />new : ' . $new_sess_id;
?>

------------------------------------------------------------------------

[2008-12-17 08:20:35] vijaybabur at mobiusservices dot in

I also facing the same problem (Different sessions in one page).

------------------------------------------------------------------------

[2008-11-17 09:14:44] ritenvs1987 at yahoo dot com

I am facing the same problem, cannot access sessions with different
names on the same page.

------------------------------------------------------------------------

[2008-11-13 16:45:27] jd at jdfitzgerald dot net

The problem I'm having is actually bug #45270, which the powers that be
have decided to mark as bogus related to this one. I hope it doesn't
fall by the wayside due to this (poor?) decision.

The work-around I've found is to ini_set('session.use_cookies',0) after
the first session_start. This will stop any further set-cookie headers
being sent after the first one, with no ill effects that I've noticed.

------------------------------------------------------------------------

[2008-07-11 15:57:36] [email protected]

See also bug #45270

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/45380

-- 
Edit this bug report at http://bugs.php.net/?id=45380&edit=1
  • #45380 [Com]: [PATCH] ... jean-philippe dot goydadin at bsp dot ulaval dot ca
    • #45380 [Com]: [PA... jean-philippe dot goydadin at bsp dot ulaval dot ca

Reply via email to