ID: 19022
Comment by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: No Feedback
Bug Type: Session related
Operating System: linux (rh7.3), apache 1.3.26
PHP Version: 4.2.2
New Comment:
I receive this bug too...I have traced it back to breaking as soon as I
use session_id(); function, and then working fine again once use of
that function is removed.
Previous Comments:
------------------------------------------------------------------------
[2002-11-12 14:33:57] [EMAIL PROTECTED]
Another data point. I've recently moved a system from a hosted server
running 4.06 to a server under my control running redhat 7.3 and php
4.2.3 Since the move I've been getting very occasional cases of users
logging in and receiving someone else's session. The session handling
is very simple.
On login
session_name($db_name);
session_start();
$user = new User($userid, $passwd);
session_register("user");
On return
session_name($db_name);
session_start();
I've tried various workarounds like
session.entropy_length = 512
session.entropy_file = /dev/urandom
in the belief that somehow the two people were getting the same ID and
hence temp file
But all this was just thrashing at the problem. Then I checked my own
cookies and discovered the same as
[EMAIL PROTECTED] The cookie contained two session IDs. So I deleted
all relevant cookies. Logged out and in and now I'm back to the
expected single ID in the cookie.
I have logging turned on but have not yet seen any errors.
------------------------------------------------------------------------
[2002-11-11 03:12:24] [EMAIL PROTECTED]
I've seen this bug on FreeBSD since PHP4.0.* series. Now I use 4.2.2.
It happens rarely. I could not figure why - the probability is small.
------------------------------------------------------------------------
[2002-10-22 08:45:42] [EMAIL PROTECTED]
I got this too and its on a low traffic dev server. This
started happening even with old sites. I use FreeBSD and
the latest of everything. I will not upgrade the PHP on my
prod servers until this is resolved. good luck.
------------------------------------------------------------------------
[2002-10-18 03:29:47] [EMAIL PROTECTED]
I'm experiencing this too, and I might have some usefull feedback!
I don't see the 'failed to write' messages. But I do have the random
loss of sessions. I've modified my script so I get an email with all
GET_VARS, SERVER_VARS etc. whenever the sessiondata is lost.
I found a very weird thing with respect to the session cookie. It
contained:
HTTP_COOKIE = 1; PHPSESSID=f1faf3374d562e8738f64e7e7e030972;
pollvoted[1]=1; (... some other data left out for privacy reasons);
PHPSESSID=842be4994a9c424fd7d4f9f8049aadc9
There are two separate PHPSESSID's in the same cookie! Maybe one of the
too is indeed invalid (no session date) How is this possible?
------------------------------------------------------------------------
[2002-10-15 09:40:21] [EMAIL PROTECTED]
Hello,
I am also experiencing this bug. I am using Debian, 2.4.18 kernel, SMP
machine, PHP 4.2.3. (also observed bug on PHP 4.1.2). The server is
not experiencing a heavy load.
I am attempting to script a temporary fix for this bug until there is a
permanent fix in a stable PHP release. Would something like the
following work?
1. At the end of every page request, backup the session file:
copy(session_save_path() . '/sess_' . session_id(),
session_save_path() . '/sess_' . session_id() . '_bak');
2. At the top of each script that requires session data, check to see
if the main session file has been truncated. If so, replace it with
the backup that you have created. Assuming you have the session Id
stored in a cookie as 'user_sess_id':
if (isset($_COOKIE[user_sess_id])
&& file_exists(session_save_path() . '/sess_' .
$_COOKIE[user_sess_id] . '_bak')
&& file_exists(session_save_path() . '/sess_' .
$_COOKIE[user_sess_id]) && (filesize(session_save_path() . '/sess_' .
$_COOKIE[user_sess_id]) == 0)
&& (filesize(session_save_path() . '/sess_' .
$_COOKIE[user_sess_id] . '_bak') > 0) ) {
// restore the session file
copy(session_save_path() . '/sess_' . $_COOKIE[user_sess_id] .
'_bak', session_save_path() . '/sess_' . $_COOKIE[user_sess_id]);
}
// continue with script...
Does this have any hope of helping restore the lost session data? Or
would PHP have already read in the session data from the file on disk
before it reaches this point of processing the code?
Any advice on how PHP coders can write a temporary fix for this bug
would be greatly appreciated.
Thanks,
Taylor Davis
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/19022
--
Edit this bug report at http://bugs.php.net/?id=19022&edit=1
