From: php at tomarq dot co dot uk Operating system: all PHP version: 4.4.1 PHP Bug Type: Session related Bug description: Session timeout garbage collection bug
Description: ------------ Within the session_start function, the session garbage collection is performed after reading the session information. This is the case across all versions of PHP that I have looked at (4.3.10,4.4.1,5.1.1). If the garbage collection is set to always run (100/100) and a session has expired with no other script executions in the meantime, then session_start will load the session data, and *then* expire the session for the following script execution. The garbage collection should delete the expired session file before trying to load any sessions. Note that this issue leads to the data we have in our session on run 2 being destroyed, even though the time till our next script execution is only ~5 seconds (well under our gc_maxlifetime of 10 seconds). Reproduce code: --------------- <? // run this code with with a gc_maxlifetime = 10 // and gc_probability and gc_divisor of 100 // also making sure that no other php scripts // are run while the test takes place. header("content-type: text/plain"); session_start(); echo "Current: ".date('l dS \of F Y h:i:s A')."\n"; echo "Before : ".$_SESSION['ts']."\n"; if (!isset($_SESSION['ts'])) $_SESSION['ts'] = date('l dS \of F Y h:i:s A'); echo "After : ".$_SESSION['ts']."\n"; ?> Expected result: ---------------- -- Run 1 -- Current: Thursday 08th of December 2005 04:09:58 PM Before : After : Thursday 08th of December 2005 04:09:58 PM -- Run 2 -- (15 seconds later) Current: Thursday 08th of December 2005 04:10:13 PM Before : After : Thursday 08th of December 2005 04:10:13 PM -- Run 3 -- (5 seconds later) Current: Thursday 08th of December 2005 04:10:18 PM Before : Thursday 08th of December 2005 04:10:13 PM After : Thursday 08th of December 2005 04:10:13 PM Actual result: -------------- -- Run 1 -- Current: Thursday 08th of December 2005 04:09:58 PM Before : After : Thursday 08th of December 2005 04:09:58 PM -- Run 2 -- (15 seconds later) Current: Thursday 08th of December 2005 04:10:13 PM Before : Thursday 08th of December 2005 04:09:58 PM After : Thursday 08th of December 2005 04:09:58 PM -- Run 3 -- (5 seconds later) Current: Thursday 08th of December 2005 04:10:18 PM Before : After : Thursday 08th of December 2005 04:10:18 PM -- Edit bug report at http://bugs.php.net/?id=35602&edit=1 -- Try a CVS snapshot (PHP 4.4): http://bugs.php.net/fix.php?id=35602&r=trysnapshot44 Try a CVS snapshot (PHP 5.1): http://bugs.php.net/fix.php?id=35602&r=trysnapshot51 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=35602&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=35602&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=35602&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=35602&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=35602&r=needscript Try newer version: http://bugs.php.net/fix.php?id=35602&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=35602&r=support Expected behavior: http://bugs.php.net/fix.php?id=35602&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=35602&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=35602&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=35602&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=35602&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=35602&r=dst IIS Stability: http://bugs.php.net/fix.php?id=35602&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=35602&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=35602&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=35602&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=35602&r=mysqlcfg