ID: 20449
Comment by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Open
Bug Type: Session related
Operating System: redhat 7.3
PHP Version: 4.4.0-dev
New Comment:
After upgrading to PHP 4.2.3, I'm having the same problem with random
session dataloss. Everything worked just fine before when using 4.0.6.
I'm using linux kernel 2.4.9 on an Intel machine, PHP 4.2.3/Apache
1.3.27. Session data files are stored on a NFS share, standard "files"
handler.
Previous Comments:
------------------------------------------------------------------------
[2002-12-10 09:36:08] [EMAIL PROTECTED]
Upgraded to 4.4.0-dev and I'm still not dancing.
- php.ini settings are the same.
- URL's are not re-written.
- Session data lossage is almost immediate.
also:
- I am implementing virtual hosts.
------------------------------------------------------------------------
[2002-12-07 22:05:11] [EMAIL PROTECTED]
Hey all,
- PHP 4.2.3
- FreeBSD 4.7-RELEASE
- Apache 1.3.27
- Dual processor / SMP Kernel.
I've encountered the same mysterious $_SESSION / session data loss
just as I was about to go live. Also no URL rewriting occurs.
I've read the related/similar bug posts. And have noted the problem
seems to surround SMP kernels and use of the session_id() function. The
posts I read :
Bug #19029
Bug #17846
Bug #19972
Bug #19022
My code which is grossly simpler for efficiency that dies / quickly
expires login sessions. It does server site session management :
<?php
// Setup database connection.
$dblink = mysql_connect("dbserver", "user", "password");
if (!$dblink){ header ("Location: /start?err=db"); } else {
mysql_select_db("sitedb"); }
//* setup key vars.
$activesid = session_id();
$userID = $_SESSION['userID'];
$timeout = $_SESSION['timeout'];
$expired = false;
//* If key vars set, update existing valid session otherwise state
timeout.
if ($userID){
//try to update lease
$query = "UPDATE sesstable SET expiretime=NOW() + INTERVAL $timeout
SECOND WHERE SID='$activesid' AND userID='$userID' AND expiretime >
NOW();";
mysql_query($query);
// Check if session still valid
if (mysql_affected_rows() > 0){
$expired = false;
} else {
$expired=true;
$query = "DELETE FROM sesstable WHERE userID='$userID';";
mysql_query($query);
}
} else { $expired=true;}
if ($expired){ header ("Location: /rstart?err=tm"); }
// do other stuff here.
?>
I had no problem with this code on a single processor system using php
4.0.2
php.ini configs :
[Session]
session.save_handler = files
# /hide -- symlink to /usr/hide
session.save_path = /hide
session.use_cookies = 1
session.name = rnid
session.auto_start = 1
; Lifetime in seconds of cookie or, if 0, until browser is restarted.
session.cookie_lifetime = 43200
session.cookie_path = /
session.cookie_domain =
session.serialize_handler = php
session.gc_probability = 1
session.gc_dividend = 1000
session.gc_maxlifetime = 43200
session.bug_compat_42 = 0
session.bug_compat_warn = 1
session.referer_check =
session.entropy_length = 0
;session.entropy_file = /dev/random
;session.entropy_file = /dev/urandom
; Set to {nocache,private,public} to determine HTTP caching aspects.
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 1
url_rewriter.tags =
"a=href,area=href,frame=src,input=src,form=fakeentry"
# end session configs.
compile notes :
'./configure' '--with-apxs=/usr/local/sbin/apxs'
'--with-config-file-path=/usr/local/ etc' '--with-mysql=/usr/local'
'--with-expat-dir=/usr/local' '--with-xmlrpc' '--enable- trans-sid'
'--without-pear' '--with-iconv=/usr/local' '--prefix=/usr/local'
------------------------------------------------------------------------
[2002-12-06 09:52:57] [EMAIL PROTECTED]
Back again, with new informations !
I have setup a small test platform, with custom session handlers to a
database, and DBMS in debug mode.
When I force a session write before the end of the script, I get the
whole session var serialized.
When I force a sess_write_close at the same place, I get a truncated
serialized session var (objects missing)
When I let things behave normally, I get a truncated serialized session
var (objects missing)
Thus, I have an hypothesis : The objects inside the session var are
destroyed _before_ the serialization occurs, leading to a truncated
result.
Could you please revert back to me with more on this ?
------------------------------------------------------------------------
[2002-12-05 06:22:50] [EMAIL PROTECTED]
Well, a few checks later, the serialize function is working on my
session var (tested just before the end of the script)
Also, there is no detectable concurrent save of the session, as the
main script is executed only once, while the iframe is run each time.
------------------------------------------------------------------------
[2002-12-05 05:52:52] [EMAIL PROTECTED]
Could possibly be related to Bug #17419 (cross referenced classes are
not supported by the serialization function) ?
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/20449
--
Edit this bug report at http://bugs.php.net/?id=20449&edit=1
