ID: 20449
Comment by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Open
Bug Type: Session related
Operating System: redhat 7.3
PHP Version: 4.4.0-dev
New Comment:
Hey all,
- PHP 4.2.3
- FreeBSD 4.7-RELEASE
- Apache 1.3.27
- Dual processor / SMP Kernel.
I've encountered the same mysterious $_SESSION / session data loss
just as I was about to go live. Also no URL rewriting occurs.
I've read the related/similar bug posts. And have noted the problem
seems to surround SMP kernels and use of the session_id() function. The
posts I read :
Bug #19029
Bug #17846
Bug #19972
Bug #19022
My code which is grossly simpler for efficiency that dies / quickly
expires login sessions. It does server site session management :
<?php
// Setup database connection.
$dblink = mysql_connect("dbserver", "user", "password");
if (!$dblink){ header ("Location: /start?err=db"); } else {
mysql_select_db("sitedb"); }
//* setup key vars.
$activesid = session_id();
$userID = $_SESSION['userID'];
$timeout = $_SESSION['timeout'];
$expired = false;
//* If key vars set, update existing valid session otherwise state
timeout.
if ($userID){
//try to update lease
$query = "UPDATE sesstable SET expiretime=NOW() + INTERVAL $timeout
SECOND WHERE SID='$activesid' AND userID='$userID' AND expiretime >
NOW();";
mysql_query($query);
// Check if session still valid
if (mysql_affected_rows() > 0){
$expired = false;
} else {
$expired=true;
$query = "DELETE FROM sesstable WHERE userID='$userID';";
mysql_query($query);
}
} else { $expired=true;}
if ($expired){ header ("Location: /rstart?err=tm"); }
// do other stuff here.
?>
I had no problem with this code on a single processor system using php
4.0.2
php.ini configs :
[Session]
session.save_handler = files
# /hide -- symlink to /usr/hide
session.save_path = /hide
session.use_cookies = 1
session.name = rnid
session.auto_start = 1
; Lifetime in seconds of cookie or, if 0, until browser is restarted.
session.cookie_lifetime = 43200
session.cookie_path = /
session.cookie_domain =
session.serialize_handler = php
session.gc_probability = 1
session.gc_dividend = 1000
session.gc_maxlifetime = 43200
session.bug_compat_42 = 0
session.bug_compat_warn = 1
session.referer_check =
session.entropy_length = 0
;session.entropy_file = /dev/random
;session.entropy_file = /dev/urandom
; Set to {nocache,private,public} to determine HTTP caching aspects.
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 1
url_rewriter.tags =
"a=href,area=href,frame=src,input=src,form=fakeentry"
# end session configs.
compile notes :
'./configure' '--with-apxs=/usr/local/sbin/apxs'
'--with-config-file-path=/usr/local/ etc' '--with-mysql=/usr/local'
'--with-expat-dir=/usr/local' '--with-xmlrpc' '--enable- trans-sid'
'--without-pear' '--with-iconv=/usr/local' '--prefix=/usr/local'
Previous Comments:
------------------------------------------------------------------------
[2002-12-06 09:52:57] [EMAIL PROTECTED]
Back again, with new informations !
I have setup a small test platform, with custom session handlers to a
database, and DBMS in debug mode.
When I force a session write before the end of the script, I get the
whole session var serialized.
When I force a sess_write_close at the same place, I get a truncated
serialized session var (objects missing)
When I let things behave normally, I get a truncated serialized session
var (objects missing)
Thus, I have an hypothesis : The objects inside the session var are
destroyed _before_ the serialization occurs, leading to a truncated
result.
Could you please revert back to me with more on this ?
------------------------------------------------------------------------
[2002-12-05 06:22:50] [EMAIL PROTECTED]
Well, a few checks later, the serialize function is working on my
session var (tested just before the end of the script)
Also, there is no detectable concurrent save of the session, as the
main script is executed only once, while the iframe is run each time.
------------------------------------------------------------------------
[2002-12-05 05:52:52] [EMAIL PROTECTED]
Could possibly be related to Bug #17419 (cross referenced classes are
not supported by the serialization function) ?
------------------------------------------------------------------------
[2002-12-05 05:46:12] [EMAIL PROTECTED]
Well, I have the same kind of problem (I try to upgrade from 4.0.4pl1 -
I know I should have done this before)
In my case, I use an iframe to display the results of a search. You can
select the page by clicking a number.
This works well with 4.0.4pl1, not with 4.1.7 or 4.2.2
After some searches, I've finally found out that my session was not
correctly saved (neither in a file nor in a db, I tried both)
I tried to force the write of the session with no better results.
As my session var contains an object, I also suspect the serialize
handler.
Another possibility is two instances trying to write the session at the
same time (I use the session both in the main page and in the iframe)
At present, I'm wondering if using the wddx serialization would be
better.
I hope this will help to fix the problem.
Regards,
------------------------------------------------------------------------
[2002-12-04 14:04:05] [EMAIL PROTECTED]
Our objects are fairly complex. Objects w/ local (as much as they can
be) objects and plenty of our friend - the assoc. array.
I was unable to reproduce this issue on my own (maybe you will have
better luck) even though on a normal day I can watch syslog chime out
unserialize errors.
I'd be more then happy to send a session, class definitions, etc. if
needed. Shoot me an e-mail if you need anything.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/20449
--
Edit this bug report at http://bugs.php.net/?id=20449&edit=1
