Edit report at http://bugs.php.net/bug.php?id=54534&edit=1
ID: 54534 Updated by: scott...@php.net Reported by: fredrik at dolda2000 dot com Summary: Sessions fail when running PHP as multiple users Status: Wont fix Type: Bug Package: Session related Operating System: Debian PHP Version: trunk-SVN-2011-04-14 (snap) Block user comment: N Private report: N New Comment: Why would you have two sites on the same domain use the same session id if they're considered different? Call session_name() at the top of your code with a new value problem solved. Conversely call umask() and let your sessions be shared across users. We can't change the format of the name easily since a PHP upgrade would invalidate all the sessions that already exist. Previous Comments: ------------------------------------------------------------------------ [2011-04-20 03:19:16] fredrik at dolda2000 dot com Are the precise filenames used an important part of this long-standing behavior? ------------------------------------------------------------------------ [2011-04-20 03:10:16] srina...@php.net Honestly, I don't think this is a corner case. Also considering that the submitter has filed the bug against trunk - should we not give a due consideration to see if this can be addressed ? IMO, closing a bug in haste will only cause couple of duplicate bugs to be opened on the very same subject causing overhead for both the bug submitter as well as for the evaluators. Moving it to a feedback status allows an opportunity for the bug submitter to explain further providing a chance for every one to make a right decision on a given issue. - Just my 2c thought.. ------------------------------------------------------------------------ [2011-04-19 08:31:04] ahar...@php.net You can already handle this corner case with a custom session handler. I don't think it's a common enough problem in practice to justify changing the long-standing behaviour of PHP's default session handler. ------------------------------------------------------------------------ [2011-04-14 16:29:48] fredrik at dolda2000 dot com Description: ------------ I'm running a website on which PHP runs as multiple different users on the operating system, and I'm encountering problems when a visitor to the site goes from a part where PHP runs as one user to another part where PHP runs as another user. Since PHP saves all sessions in one directory, it will attempt to load the same session data as long as the visitor uses the same SID. When the session was created by one user, it cannot be loaded by another. That is of course, in itself, as it should. I would argue, however, that the session filenames should contain the UID of the user running PHP, so as to remove such conflicts. The resultant behavior is probably reasonable, as the different users running PHP will most likely not want to share session data with each other. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/bug.php?id=54534&edit=1
