ID: 25876 Comment by: phpbugs at expires-200501 dot dpits dot com Reported By: golden at riscom dot com Status: Open Bug Type: Session related Operating System: freebsd 4.8 PHP Version: 4.3.3 New Comment:
I can confirm that this bug is still present on Apache 1.3.X with PHP 4.3.10. Today i had some Problems, after Apache restart it works well (but how long?)... Thankyou. Previous Comments: ------------------------------------------------------------------------ [2004-12-26 17:59:52] johan at ekenberg dot se This isn't just on Freebsd - we're seeing this on all our Linux servers after upgrade -> 4.3.10 (big webhosting provider in Sweden). A few users are setting session.save_handler to 'user' with ini_set(); this sticks and overrides the default ('files'), resulting in broken sessions for all the other users on the servers. Temporary solution by using auto_prepend_file in php.ini to include something like: <?php ini_set('session.save_handler', 'files'); ?> seems to work (just tried it, keeping fingers crossed). This is a critical bug since the security issues in 4.3.9 make a downgrade impossible. ------------------------------------------------------------------------ [2004-12-26 11:43:25] peter at mapledesign dot co dot uk I can confirm that this bug is still present on Apache 1.3.X with PHP 4.3.10. I am trying to set the session.save_handler back to files manually, but consider the need to do this (assuming it works) to be a bug - it should default back to this, not stick in a process with the previous status. I am encountering this problem now at two different hosting companies, and never had this problem before they upgraded to 4.3.10 ------------------------------------------------------------------------ [2004-12-26 11:25:12] [EMAIL PROTECTED] Confirmed on SF.net 4.3.10 Linux Try several times until error. http://farplugins.sourceforge.net/test/php.php <? session_start(); echo $PHPSESSID; ?> http://farplugins.sourceforge.net/test/in.php <?php phpinfo(); ?> /home/groups/f/fa/farplugins/htdocs/test/.htaccess <IfModule mod_php4.c> php_value session.save_path "/home/groups/f/fa/farplugins/htdocs/test/tmp" </IfModule> ------------------------------------------------------------------------ [2004-09-28 23:12:14] coadmin at hostings dot pl We have the same problem. FreeBSD 4.10-STABLE, PHP 4.3.8, Apache 1.3.31 how to repeat: <? session_start(); echo $PHPSESSID; ?> then refresh the website a many times. you will receive an error: Fatal error: session_start(): Failed to initialize storage module: user (path: /tmp) in /home/xxx/public_html/index.php on line 2 the problem still exists also when using custom dir for saving session files. ------------------------------------------------------------------------ [2004-08-16 17:32:30] ron at dse dot nl Clearing the x-bit did not solve the problem. Probably this bug is not really related to the X-bit-hack but merely very similar in it's effects. The way to work around this bug is by avoiding php ini settings in all .htaccess files on your Apache server and instead put them in the application. For Drupal for instance, I moved these settings to conf.php by using ini_set() there. Squirrelmail even has a special config_local.php that you can use for this. More info on my particular setup: Apache 1.3.29 with o.a. mod_suexec and mod_rewrite PHP 4.3.8 (but same issue with 4.3.4) applications installed within same vhost Hope this will help developers find this annoying bug. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/25876 -- Edit this bug report at http://bugs.php.net/?id=25876&edit=1