From: kenashkov at gmail dot com
Operating system: Fedora Core 4
PHP version: 4.4.1
PHP Bug Type: Session related
Bug description: garbage_collector calling sequence
Description:
------------
Let suppose that we use the session_set_save_handler to register own
session handling functions and we have an expired session (but not cleaned
by the garbage collector yet). When we start the session with
session_start() we get the following sequence of calling the registered
functions:
open
read
gc
write
close
I think the garbage collector (gc) should be called BEFORE the read
function (in order to clean that expired session beofre it is read). In
the way it is, is possible for the web site visitor to use an old session
(only once of course, because immediately after read is called gc and for
the second visit the session will be already deleted).
Maybe the same problem exists when is not used the
session_set_save_handler, but with it the sequence can be seen.
Reproduce code:
---------------
<?
function open() { print 'open<br>'.PHP_EOL; return true; }
function close() { print 'close<br>'.PHP_EOL; return true; }
function read() { print 'read<br>'.PHP_EOL; return ''; }
function write() { print 'write<br>'.PHP_EOL; return true; }
function destroy() { print 'destroy<br>'.PHP_EOL; return true; }
function gc() { print 'gc<br>'.PHP_EOL; return true; }
ini_set('session.gc_probability',1);
ini_set('session.gc_divisor',1);
session_set_save_handler('open','close','read','write','destroy','gc');
session_start();
session_write_close();
?>
Expected result:
----------------
open
gc
read
write
close
Actual result:
--------------
open
read
gc
write
close
--
Edit bug report at http://bugs.php.net/?id=35479&edit=1
--
Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=35479&r=trysnapshot4
Try a CVS snapshot (php5.0):
http://bugs.php.net/fix.php?id=35479&r=trysnapshot50
Try a CVS snapshot (php5.1):
http://bugs.php.net/fix.php?id=35479&r=trysnapshot51
Fixed in CVS: http://bugs.php.net/fix.php?id=35479&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=35479&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=35479&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=35479&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=35479&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=35479&r=support
Expected behavior: http://bugs.php.net/fix.php?id=35479&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=35479&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=35479&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=35479&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=35479&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=35479&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=35479&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=35479&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=35479&r=float
No Zend Extensions: http://bugs.php.net/fix.php?id=35479&r=nozend
MySQL Configuration Error: http://bugs.php.net/fix.php?id=35479&r=mysqlcfg
