From: asnagy at syr dot edu
Operating system: RH 9 Linux
PHP version: 4.3.2
PHP Bug Type: Session related
Bug description: Session randomly changes session_id
Description:
------------
Our sessions are handled through a database. The handler functions are
managed via a class that was generated by PEAR::DB_DataObjects
For debug purposes, I print out the session_id on everypage, and the
session_id is regenerated randomly after a FEW minutes of nonuse.
The session lengths are set to 1200 seconds (20 minutes)
The session cookie expiration are also set to 20 minutes
I set the GC probability to 100/100 to test that it is being run on every
page click.
We have spent numerous hours debugging code and trying to trace it down;
but have concluded that the session_id is randomly regenerated due to a
bug in PHPs session management.
When the session is regenerated, the old session still exists fully intact
in the db, the new session is null. The cookie still exists.
If you can shed any light as to why this might be happening, I would be
extemely excited!
Reproduce code:
---------------
function read($sess_id)
{
$session = new Session();
$session->id = $sess_id;
if ($session->find(true)) {
return $session->data;
} else {
return NULL;
}
}
function write($sess_id, $data)
{
//Clear session
$session = new Session();
$session->id = $sess_id;
if ($session->find()) {
$session->delete();
}
//Create session
$session = new Session();
$session->id = $sess_id;
$session->stamp = 'NOW()';
$session->data = $data;
$session->insert();
return true;
}
function destroy($sess_id)
{
$session = new Session();
$session->id = $sess_id;
return $session->delete();
}
function gc($max_lifetime)
{
global $db;
$smarty = new Smarty();
$id = '';
$sql = "stamp < NOW() - CAST('" . $max_lifetime .
" seconds' AS INTERVAL)";
$result = $db->query("SELECT id FROM session WHERE " . $sql);
while ($row = $result->fetchRow()) {
$smarty->clear_cache(null, $row['id']);
$id .= $row['id'] . ' ';
}
$db->query("DELETE FROM session WHERE " .
"(data IS NULL OR data NOT LIKE '%username%') OR " .
$sql);
return true;
}
--
Edit bug report at http://bugs.php.net/?id=25057&edit=1
--
Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=25057&r=trysnapshot4
Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=25057&r=trysnapshot5
Fixed in CVS: http://bugs.php.net/fix.php?id=25057&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=25057&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=25057&r=needtrace
Try newer version: http://bugs.php.net/fix.php?id=25057&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=25057&r=support
Expected behavior: http://bugs.php.net/fix.php?id=25057&r=notwrong
Not enough info: http://bugs.php.net/fix.php?id=25057&r=notenoughinfo
Submitted twice: http://bugs.php.net/fix.php?id=25057&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=25057&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=25057&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=25057&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=25057&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=25057&r=gnused
