ID: 19022 Comment by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Status: No Feedback Bug Type: Session related Operating System: linux (rh7.3), apache 1.3.26 PHP Version: 4.2.2 New Comment:
I receive this bug too...I have traced it back to breaking as soon as I use session_id(); function, and then working fine again once use of that function is removed. Previous Comments: ------------------------------------------------------------------------ [2002-11-12 14:33:57] [EMAIL PROTECTED] Another data point. I've recently moved a system from a hosted server running 4.06 to a server under my control running redhat 7.3 and php 4.2.3 Since the move I've been getting very occasional cases of users logging in and receiving someone else's session. The session handling is very simple. On login session_name($db_name); session_start(); $user = new User($userid, $passwd); session_register("user"); On return session_name($db_name); session_start(); I've tried various workarounds like session.entropy_length = 512 session.entropy_file = /dev/urandom in the belief that somehow the two people were getting the same ID and hence temp file But all this was just thrashing at the problem. Then I checked my own cookies and discovered the same as [EMAIL PROTECTED] The cookie contained two session IDs. So I deleted all relevant cookies. Logged out and in and now I'm back to the expected single ID in the cookie. I have logging turned on but have not yet seen any errors. ------------------------------------------------------------------------ [2002-11-11 03:12:24] [EMAIL PROTECTED] I've seen this bug on FreeBSD since PHP4.0.* series. Now I use 4.2.2. It happens rarely. I could not figure why - the probability is small. ------------------------------------------------------------------------ [2002-10-22 08:45:42] [EMAIL PROTECTED] I got this too and its on a low traffic dev server. This started happening even with old sites. I use FreeBSD and the latest of everything. I will not upgrade the PHP on my prod servers until this is resolved. good luck. ------------------------------------------------------------------------ [2002-10-18 03:29:47] [EMAIL PROTECTED] I'm experiencing this too, and I might have some usefull feedback! I don't see the 'failed to write' messages. But I do have the random loss of sessions. I've modified my script so I get an email with all GET_VARS, SERVER_VARS etc. whenever the sessiondata is lost. I found a very weird thing with respect to the session cookie. It contained: HTTP_COOKIE = 1; PHPSESSID=f1faf3374d562e8738f64e7e7e030972; pollvoted[1]=1; (... some other data left out for privacy reasons); PHPSESSID=842be4994a9c424fd7d4f9f8049aadc9 There are two separate PHPSESSID's in the same cookie! Maybe one of the too is indeed invalid (no session date) How is this possible? ------------------------------------------------------------------------ [2002-10-15 09:40:21] [EMAIL PROTECTED] Hello, I am also experiencing this bug. I am using Debian, 2.4.18 kernel, SMP machine, PHP 4.2.3. (also observed bug on PHP 4.1.2). The server is not experiencing a heavy load. I am attempting to script a temporary fix for this bug until there is a permanent fix in a stable PHP release. Would something like the following work? 1. At the end of every page request, backup the session file: copy(session_save_path() . '/sess_' . session_id(), session_save_path() . '/sess_' . session_id() . '_bak'); 2. At the top of each script that requires session data, check to see if the main session file has been truncated. If so, replace it with the backup that you have created. Assuming you have the session Id stored in a cookie as 'user_sess_id': if (isset($_COOKIE[user_sess_id]) && file_exists(session_save_path() . '/sess_' . $_COOKIE[user_sess_id] . '_bak') && file_exists(session_save_path() . '/sess_' . $_COOKIE[user_sess_id]) && (filesize(session_save_path() . '/sess_' . $_COOKIE[user_sess_id]) == 0) && (filesize(session_save_path() . '/sess_' . $_COOKIE[user_sess_id] . '_bak') > 0) ) { // restore the session file copy(session_save_path() . '/sess_' . $_COOKIE[user_sess_id] . '_bak', session_save_path() . '/sess_' . $_COOKIE[user_sess_id]); } // continue with script... Does this have any hope of helping restore the lost session data? Or would PHP have already read in the session data from the file on disk before it reaches this point of processing the code? Any advice on how PHP coders can write a temporary fix for this bug would be greatly appreciated. Thanks, Taylor Davis ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/19022 -- Edit this bug report at http://bugs.php.net/?id=19022&edit=1