From: kenashkov at gmail dot com Operating system: Fedora Core 4 PHP version: 4.4.1 PHP Bug Type: Session related Bug description: garbage_collector calling sequence
Description: ------------ Let suppose that we use the session_set_save_handler to register own session handling functions and we have an expired session (but not cleaned by the garbage collector yet). When we start the session with session_start() we get the following sequence of calling the registered functions: open read gc write close I think the garbage collector (gc) should be called BEFORE the read function (in order to clean that expired session beofre it is read). In the way it is, is possible for the web site visitor to use an old session (only once of course, because immediately after read is called gc and for the second visit the session will be already deleted). Maybe the same problem exists when is not used the session_set_save_handler, but with it the sequence can be seen. Reproduce code: --------------- <? function open() { print 'open<br>'.PHP_EOL; return true; } function close() { print 'close<br>'.PHP_EOL; return true; } function read() { print 'read<br>'.PHP_EOL; return ''; } function write() { print 'write<br>'.PHP_EOL; return true; } function destroy() { print 'destroy<br>'.PHP_EOL; return true; } function gc() { print 'gc<br>'.PHP_EOL; return true; } ini_set('session.gc_probability',1); ini_set('session.gc_divisor',1); session_set_save_handler('open','close','read','write','destroy','gc'); session_start(); session_write_close(); ?> Expected result: ---------------- open gc read write close Actual result: -------------- open read gc write close -- Edit bug report at http://bugs.php.net/?id=35479&edit=1 -- Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=35479&r=trysnapshot4 Try a CVS snapshot (php5.0): http://bugs.php.net/fix.php?id=35479&r=trysnapshot50 Try a CVS snapshot (php5.1): http://bugs.php.net/fix.php?id=35479&r=trysnapshot51 Fixed in CVS: http://bugs.php.net/fix.php?id=35479&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=35479&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=35479&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=35479&r=needscript Try newer version: http://bugs.php.net/fix.php?id=35479&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=35479&r=support Expected behavior: http://bugs.php.net/fix.php?id=35479&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=35479&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=35479&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=35479&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=35479&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=35479&r=dst IIS Stability: http://bugs.php.net/fix.php?id=35479&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=35479&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=35479&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=35479&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=35479&r=mysqlcfg