ID: 25876
Comment by: phpbugs at expires-200501 dot dpits dot com
Reported By: golden at riscom dot com
Status: Open
Bug Type: Session related
Operating System: freebsd 4.8
PHP Version: 4.3.3
New Comment:
I can confirm that this bug is still present on Apache 1.3.X with PHP
4.3.10. Today i had some Problems, after Apache restart it works well
(but how long?)... Thankyou.
Previous Comments:
------------------------------------------------------------------------
[2004-12-26 17:59:52] johan at ekenberg dot se
This isn't just on Freebsd - we're seeing this on all our
Linux servers after upgrade -> 4.3.10 (big webhosting
provider in Sweden). A few users are setting
session.save_handler to 'user' with ini_set(); this sticks
and overrides the default ('files'), resulting in broken
sessions for all the other users on the servers.
Temporary solution by using auto_prepend_file in php.ini to
include something like:
<?php
ini_set('session.save_handler', 'files');
?>
seems to work (just tried it, keeping fingers crossed).
This is a critical bug since the security issues in 4.3.9
make a downgrade impossible.
------------------------------------------------------------------------
[2004-12-26 11:43:25] peter at mapledesign dot co dot uk
I can confirm that this bug is still present on Apache 1.3.X with PHP
4.3.10.
I am trying to set the session.save_handler back to files manually, but
consider the need to do this (assuming it works) to be a bug - it should
default back to this, not stick in a process with the previous status.
I am encountering this problem now at two different hosting companies,
and never had this problem before they upgraded to 4.3.10
------------------------------------------------------------------------
[2004-12-26 11:25:12] [EMAIL PROTECTED]
Confirmed on SF.net 4.3.10 Linux
Try several times until error.
http://farplugins.sourceforge.net/test/php.php
<?
session_start();
echo $PHPSESSID;
?>
http://farplugins.sourceforge.net/test/in.php
<?php phpinfo(); ?>
/home/groups/f/fa/farplugins/htdocs/test/.htaccess
<IfModule mod_php4.c>
php_value session.save_path
"/home/groups/f/fa/farplugins/htdocs/test/tmp"
</IfModule>
------------------------------------------------------------------------
[2004-09-28 23:12:14] coadmin at hostings dot pl
We have the same problem.
FreeBSD 4.10-STABLE, PHP 4.3.8, Apache 1.3.31
how to repeat:
<?
session_start();
echo $PHPSESSID;
?>
then refresh the website a many times.
you will receive an error:
Fatal error: session_start(): Failed to initialize storage module:
user (path: /tmp) in /home/xxx/public_html/index.php on line 2
the problem still exists also when using custom dir for saving session
files.
------------------------------------------------------------------------
[2004-08-16 17:32:30] ron at dse dot nl
Clearing the x-bit did not solve the problem. Probably this bug is not
really related to the X-bit-hack but merely very similar in it's
effects.
The way to work around this bug is by avoiding php ini settings in all
.htaccess files on your Apache server and instead put them in the
application. For Drupal for instance, I moved these settings to
conf.php by using ini_set() there. Squirrelmail even has a special
config_local.php that you can use for this.
More info on my particular setup:
Apache 1.3.29 with o.a. mod_suexec and mod_rewrite
PHP 4.3.8 (but same issue with 4.3.4)
applications installed within same vhost
Hope this will help developers find this annoying bug.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/25876
--
Edit this bug report at http://bugs.php.net/?id=25876&edit=1
