From: php at tomarq dot co dot uk
Operating system: all
PHP version: 4.4.1
PHP Bug Type: Session related
Bug description: Session timeout garbage collection bug
Description:
------------
Within the session_start function, the session garbage collection is
performed after reading the session information.
This is the case across all versions of PHP that I have looked at
(4.3.10,4.4.1,5.1.1).
If the garbage collection is set to always run (100/100) and a session has
expired with no other script executions in the meantime, then session_start
will load the session data, and *then* expire the session for the following
script execution.
The garbage collection should delete the expired session file before
trying to load any sessions.
Note that this issue leads to the data we have in our session on run 2
being destroyed, even though the time till our next script execution is
only ~5 seconds (well under our gc_maxlifetime of 10 seconds).
Reproduce code:
---------------
<?
// run this code with with a gc_maxlifetime = 10
// and gc_probability and gc_divisor of 100
// also making sure that no other php scripts
// are run while the test takes place.
header("content-type: text/plain");
session_start();
echo "Current: ".date('l dS \of F Y h:i:s A')."\n";
echo "Before : ".$_SESSION['ts']."\n";
if (!isset($_SESSION['ts'])) $_SESSION['ts'] = date('l dS \of F Y
h:i:s A');
echo "After : ".$_SESSION['ts']."\n";
?>
Expected result:
----------------
-- Run 1 --
Current: Thursday 08th of December 2005 04:09:58 PM
Before :
After : Thursday 08th of December 2005 04:09:58 PM
-- Run 2 -- (15 seconds later)
Current: Thursday 08th of December 2005 04:10:13 PM
Before :
After : Thursday 08th of December 2005 04:10:13 PM
-- Run 3 -- (5 seconds later)
Current: Thursday 08th of December 2005 04:10:18 PM
Before : Thursday 08th of December 2005 04:10:13 PM
After : Thursday 08th of December 2005 04:10:13 PM
Actual result:
--------------
-- Run 1 --
Current: Thursday 08th of December 2005 04:09:58 PM
Before :
After : Thursday 08th of December 2005 04:09:58 PM
-- Run 2 -- (15 seconds later)
Current: Thursday 08th of December 2005 04:10:13 PM
Before : Thursday 08th of December 2005 04:09:58 PM
After : Thursday 08th of December 2005 04:09:58 PM
-- Run 3 -- (5 seconds later)
Current: Thursday 08th of December 2005 04:10:18 PM
Before :
After : Thursday 08th of December 2005 04:10:18 PM
--
Edit bug report at http://bugs.php.net/?id=35602&edit=1
--
Try a CVS snapshot (PHP 4.4):
http://bugs.php.net/fix.php?id=35602&r=trysnapshot44
Try a CVS snapshot (PHP 5.1):
http://bugs.php.net/fix.php?id=35602&r=trysnapshot51
Try a CVS snapshot (PHP 6.0):
http://bugs.php.net/fix.php?id=35602&r=trysnapshot60
Fixed in CVS: http://bugs.php.net/fix.php?id=35602&r=fixedcvs
Fixed in release:
http://bugs.php.net/fix.php?id=35602&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=35602&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=35602&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=35602&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=35602&r=support
Expected behavior: http://bugs.php.net/fix.php?id=35602&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=35602&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=35602&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=35602&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=35602&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=35602&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=35602&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=35602&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=35602&r=float
No Zend Extensions: http://bugs.php.net/fix.php?id=35602&r=nozend
MySQL Configuration Error: http://bugs.php.net/fix.php?id=35602&r=mysqlcfg
