ID:               20449
 Comment by:       [EMAIL PROTECTED]
 Reported By:      [EMAIL PROTECTED]
 Status:           Open
 Bug Type:         Session related
 Operating System: redhat 7.3
 PHP Version:      4.4.0-dev
 New Comment:

Interesting.

However, I switched my session manager to a dbase function and it still
died.  How would file locking affect that?

I'm interested in the fact though that you can actually witness the bug
first hand.  I only saw that it was happening.  However, I could never
get the thing to happen to me.

Also, since I have gone to my own session code without using php's
built in sessions, I don't have problems at all anymore.

Josh


Previous Comments:
------------------------------------------------------------------------

[2003-01-08 01:19:06] [EMAIL PROTECTED]

My script will fail in as short as 1 request or over 1000 requests.

I did set session.gc_probability = 0 but still fails.

-Ryan

------------------------------------------------------------------------

[2003-01-08 01:13:53] [EMAIL PROTECTED]

I CAN REPRODUCE THIS BUG!!!
Sort of…

I too had my software working perfectly for over a year under PHP 4.0.6
/ Apache 1.3.24 on Win2000 Pro (development) Win2000 Server
(production).
After upgrading to PHP 4.2.3 / Apache 1.3.27 I've been pulling my hair
out with this session disappearing problem.  I tried just about
everything I could find in the bug lists mentioned in this bug to no
avail, short of trying latest CVS.  I'm short on time and resources and
from what I read, they haven't fixed the problem yet.

As far as it being a serialization problem I don't think so.  None of
my session variables are more complex than a string.  So I wrote a
simple test and I know it's not IE specific.  I could recreate the
problem with IE 6, Opera 6.05, Netscape 7.0, and Mozilla 1.3

I stripped the test to be as simple as 1 integer as a session variable
and it would still die.

I removed the counting aspect to verify it wasn't a write problem, just
reading session data would kill it as well.

The error seems to occur if requests are made to the session variable
from different files close enough together in time to cause one to
"lock" the session file while the next request tries to access it,
resulting in this error:

Warning:  open(c:\tmp\sess_c6bdd642a5d88639e785ec13b0d2f126, O_RDWR)
failed: Permission denied (13) in c:\apache\htdocs\testing\session2.php
on line 10

Obviously it DOES have permission or else my scripts would fail all the
time.

This does fail on all Windows servers I tested with PHP 4.2.3.  I did
try it on a Slackware 8.1 with PHP 4.2.1 / Apache 1.3.24 and it did NOT
fail.

I hope this helps track down the elusive bug so I don't have to
downgrade back to 4.0.6 but I'm left with few options.

I will try a CVS if you think it might fix it but I've already spent
more time than I have on this.  And from what I read, they don't fix
it.  If you need more info just ask.  I'll try to do what I can.

My test consists of 4 files.  Obviously the comments are not part of
the files.

//----------------file: session0.php --------------------
// Just used to clean things up when they get ugly.
//-------------------------------------------------------

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head><title>Session Test</title></head>

<body>
<pre>
<?php
session_start();
session_unset();
session_destroy();

print_r($_SESSION);
?>
</pre>
<a href="session1.php">Load Values</a>
</body>
</html>

//----------------file: session1.php --------------------
// Sets up the session vars
//-------------------------------------------------------

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head><title>Session Test</title></head>

<body>
<pre>
<?php
session_start();

$_SESSION['count'] = 0;
$_SESSION['test_int'] = 2;
$_SESSION['test_real'] = 3.5;
$_SESSION['test_char'] = 'a';
$_SESSION['test_string'] = 'abc';
$ary = array();
$ary[] = 'z';
$ary[] = 'y';
$ary[] = 'x';
$_SESSION['test_array'] = $ary;

print_r($_SESSION);
?>
</pre>
<a href="session0.php">Reset</a>
<br>
<a href="session2.php">Start Test in single page</a>
<br>
<a href="sessionFrames.php">Start Test in frames</a>
</body>
</html>

//----------------file: session2.php --------------------
// Calls itself repeatedly, increments count
//-------------------------------------------------------

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head><title>Session Test</title></head>

<body>
<pre style="font-size: 8pt;">
<?php
session_start();
if (isset($_SESSION['count'])) {
  $_SESSION['count']++;
} else { ?>
<script><!--
alert("Session LOST!");
--></script>
<?php
}
print_r($_SESSION);
?>
</pre>
Running...
<?php if (isset($_SESSION) && isset($_SESSION['count']) &&
($_SESSION['count'] > 0)) { ?>
<script><!--
setTimeout("document.location.href='session2.php'", 0);
--></script>
<?php } else { ?>
Session LOST!
<?php } ?>

</body>
</html>

//-------------file: sessionFrames.php ------------------
// Defines the frameset
//-------------------------------------------------------

<html>
<head><title>Session Test</title></head>
<frameset rows="50,50,50,50" framespacing="0" border="1"
frameborder="1">
  <frame name="1" src="session2.php" scrolling="no" noresize
marginwidth="0" marginheight="0">
  <frame name="2" src="session2.php" scrolling="no" noresize
marginwidth="0" marginheight="0">
  <frame name="3" src="session2.php" scrolling="no" noresize
marginwidth="0" marginheight="0">
  <frame name="4" src="session2.php" scrolling="no" noresize
marginwidth="0" marginheight="0">
  <noframes>
    <p>This page uses frames, but your browser doesn't support
them.</p>
  </noframes>
</frameset>
</html>
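
The "Permission denied" warning above appears when overlapping requests contend for the same session file. As an added illustration (not code from this report and not PHP's built-in files handler), here is a userland handler for PHP 8+ that takes an exclusive lock in read(), holds it until close(), and fails the request instead of continuing with an empty session when the file cannot be opened or locked. The class name and save directory are hypothetical.

```php
<?php
// Added example (PHP 8+); class name and save directory are hypothetical.
final class LockedFileSessionHandler implements SessionHandlerInterface
{
    private $fp = null; // handle that holds the lock for the current request
    public function __construct(private string $dir) {}
    private function path(string $id): ?string
    {
        // Only accept IDs that cannot escape the save directory.
        return preg_match('/^[A-Za-z0-9,-]{1,128}$/', $id) ? "{$this->dir}/sess_{$id}" : null;
    }
    public function open(string $path, string $name): bool { return is_dir($this->dir); }
    public function read(string $id): string|false
    {
        $file = $this->path($id);
        $fp = $file === null ? false : @fopen($file, 'c+');
        // Fail closed: an open or lock failure must not look like an empty session.
        if ($fp === false || !flock($fp, LOCK_EX)) {
            if ($fp !== false) { fclose($fp); }
            return false;
        }
        $this->fp = $fp;
        return (string) stream_get_contents($fp);
    }
    public function write(string $id, string $data): bool
    {
        // Still holding the lock taken in read(); rewrite the file in place.
        return $this->fp !== null && ftruncate($this->fp, 0) && rewind($this->fp)
            && fwrite($this->fp, $data) === strlen($data) && fflush($this->fp);
    }
    public function close(): bool
    {
        if ($this->fp !== null) { flock($this->fp, LOCK_UN); fclose($this->fp); $this->fp = null; }
        return true;
    }
    public function destroy(string $id): bool
    {
        $this->close(); // release our own handle before unlinking
        $file = $this->path($id);
        return $file !== null && (!is_file($file) || unlink($file));
    }
    public function gc(int $max_lifetime): int|false
    {
        $old = array_filter(glob("{$this->dir}/sess_*") ?: [], fn($f) => filemtime($f) + $max_lifetime < time());
        return count(array_filter($old, 'unlink'));
    }
}

session_set_save_handler(new LockedFileSessionHandler(sys_get_temp_dir()), true);
```

With this handler, requests for the same session ID are served one at a time; calling session_write_close() as soon as a script has finished with $_SESSION shortens the time the lock is held.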

------------------------------------------------------------------------

[2002-12-12 03:58:54] [EMAIL PROTECTED]

After upgrading to PHP 4.2.3, I'm having the same problem with random
session data loss. Everything worked just fine before when using 4.0.6.

I'm using linux kernel 2.4.9 on an Intel machine, PHP 4.2.3/Apache
1.3.27. Session data files are stored on a NFS share, standard "files"
handler.

------------------------------------------------------------------------

[2002-12-10 09:36:08] [EMAIL PROTECTED]

Upgraded to 4.4.0-dev and I'm still not dancing.
- php.ini settings are the same.
- URLs are not re-written.
- Session data lossage is almost immediate.

also:
- I am implementing virtual hosts.

------------------------------------------------------------------------

[2002-12-07 22:05:11] [EMAIL PROTECTED]

Hey all,

- PHP 4.2.3 
- FreeBSD 4.7-RELEASE 
- Apache 1.3.27 
- Dual processor / SMP Kernel.

 I've encountered the same mysterious $_SESSION / session data loss
just as I was about to go live. Also no URL rewriting occurs. 

I've read the related/similar bug posts. And have noted the problem
seems to surround SMP kernels and use of the session_id() function. The
posts I read :

Bug #19029
Bug #17846
Bug #19972
Bug #19022 

My code which is grossly simpler for efficiency that dies / quickly
expires login sessions. It does server-side session management :

<?php
// Setup database connection.
$dblink = mysql_connect("dbserver", "user", "password");
if (!$dblink) {
    header("Location: /start?err=db");
    exit; // a Location header alone does not stop the script
} else {
    mysql_select_db("sitedb");
}

// Setup key vars.
$activesid = session_id();
$userID    = $_SESSION['userID'];
$timeout   = $_SESSION['timeout'];
$expired   = false;

// If key vars set, update existing valid session otherwise state timeout.
if ($userID) {

    // Try to update lease.
    $query = "UPDATE sesstable SET expiretime=NOW() + INTERVAL $timeout SECOND"
           . " WHERE SID='$activesid' AND userID='$userID' AND expiretime > NOW();";
    mysql_query($query);

    // Check if session still valid.
    if (mysql_affected_rows() > 0) {
        $expired = false;
    } else {
        $expired = true;
        $query = "DELETE FROM sesstable WHERE userID='$userID';";
        mysql_query($query);
    }

} else {
    $expired = true;
}

if ($expired) {
    header("Location: /rstart?err=tm");
    exit; // do not run the rest of the page for an expired session
}

// do other stuff here.
?>


I had no problem with this code on a single processor system using php
4.0.2

php.ini configs :

[Session]
session.save_handler = files
# /hide -- symlink to /usr/hide
session.save_path = /hide
session.use_cookies = 1
session.name = rnid
session.auto_start = 1

; Lifetime in seconds of cookie or, if 0, until browser is restarted.
session.cookie_lifetime = 43200
session.cookie_path = /
session.cookie_domain =
session.serialize_handler = php
session.gc_probability = 1
session.gc_dividend    = 1000
session.gc_maxlifetime = 43200
session.bug_compat_42 = 0
session.bug_compat_warn = 1
session.referer_check =
session.entropy_length = 0
;session.entropy_file = /dev/random
;session.entropy_file = /dev/urandom

; Set to {nocache,private,public} to determine HTTP caching aspects.
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 1
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
# end session configs.


compile notes :

'./configure' '--with-apxs=/usr/local/sbin/apxs'
'--with-config-file-path=/usr/local/etc' '--with-mysql=/usr/local'
'--with-expat-dir=/usr/local' '--with-xmlrpc' '--enable-trans-sid'
'--without-pear' '--with-iconv=/usr/local' '--prefix=/usr/local'

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/20449

-- 
Edit this bug report at http://bugs.php.net/?id=20449&edit=1
