[PHP-DEV] Bug #12267: Session (concurrency ?) problem

Thu, 19 Jul 2001 12:26:41 -0700 

From:             [EMAIL PROTECTED]
Operating system: Linux
PHP version:      4.0.6
PHP Bug Type:     Unknown/Other Function
Bug description:  Session (concurrency ?) problem

While testing a php apllication, I found that I had some trouble with
session variables (php4 native sessions, not phplib's crappy ones), at this
point I was using a custom MySQL session handler (with
session_set_save_handler).

After adding some error_log calls in my custom session handler functions, I
managed to see that the problem was coming from  the fact that a session
was reopened before the current one was written to the database :

(in chronological order)

 request A                                request B

 HTTP request A is made on page1.php
 session open by session_start:
    session variable A equals 0
 request A is being treated:
    session variable A is set to 1
 redirection is made with header()
    to page2.php       ------------------> request B is made on
page2.phpA
 exit()
                                           session open by session _start
                                           session variable A equals 0
                                           treatment made by my
application:
                                               no change to make to
variable A if
                                               variable A is 0
 php saves the session
  => A is stored with value 1              exit()

                                           php saves the session
                                            => A is stored with value 0

And in the end, A ends up being 0, which is not what it should be.

I found a way of making the bug go away (for a moment) : make a sleep(2) in
my session 'open' handler.   :)))

This "solved" the problem and I concluded the bug was only due to my fault
: I should have locked my session table (or row...) to avoid race
conditions and concurrency problems.

Then I thought that such a locking should have been done by the php session
layer itself, because this issue is common to all session handlers you can
use or define. And I found in the online documentation session_end and
session_readonly which seemingly were tackling with similar concurrency
issue, and I concluded this was worked on and would probably be solved in
some next release, but php 4.0.6 doesn't solve the problem, and the
session_end and session_readonly functions - though they appear in the
documentation - are not even appearing in the CVS code.

So my question : is this really a known issue ? is a fix for this planned
soon ?

Thank you !!

-- 
Edit bug report at: http://bugs.php.net/?id=12267&edit=1


-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to