#27688 [Com]: Session names consisting of only numbers cause session id generation

rodolfo_gonzalez at hotmail dot com Mon, 15 Nov 2004 13:35:44 -0800

 ID:               27688
 Comment by:       rodolfo_gonzalez at hotmail dot com
 Reported By:      ryan at daelibs dot com dot au
 Status:           Assigned
 Bug Type:         Session related
 Operating System: Redhat 9
 PHP Version:      5.0.0RC1
 Assigned To:      amt
 New Comment:


This happens also in PHP 4.3.9, on RedHat 9 and Slackware (from 8.1 to
10.0).


Previous Comments:
------------------------------------------------------------------------

[2004-03-29 09:39:15] [EMAIL PROTECTED]

This happens because PHP turns a numeric session name 
into an array index inside $_COOKIE and we're doing an 
zend_hash_find() instead of a zend_hash_index_find(). 
(ext/session/session.c, line 1098).

We can probably fix the bug by doing a 
zend_hash_index_find() instead if the session name 
successfully converts to a integer.


------------------------------------------------------------------------

[2004-03-29 04:53:03] unknown at simplemachines dot org

Here's a simple workaround:

<?php

// This name works.
//session_name('A9');

// This name doesn't...
session_name('99');

// Force the last session id, not the detected one.
session_id($_COOKIE[session_name()]);

session_start();

echo '
        Session Name: ', session_name(), '<br />
        Session ID: ', session_id(), '<br />
        Cookie: ', $_COOKIE[session_name()];

?>

Removing the session_id() line though, shows that the cookie is still
being properly set.

-[Unknown]

------------------------------------------------------------------------

[2004-03-25 10:23:02] [EMAIL PROTECTED]

Confirmed.
Is this really a doc issue?

------------------------------------------------------------------------

[2004-03-25 00:00:26] ryan at daelibs dot com dot au

Description:
------------
When you use a session name that has only numbers, each call to
session_start seems to regenerate a new session id, so the session does
not persist.

The code below can be loaded and refreshed to reproduce the behaviour


Reproduce code:
---------------
<?php

//This name works
//session_name('A9');

//This name doesn't
session_name('99');

session_start();

echo 'Session Name: '.session_name().'<br />';
echo 'Session Id: '.session_id().'<br />';
?>

Expected result:
----------------
Session Name: 99
Session Id: {{a sid that remains the same between each refresh }} 

Actual result:
--------------
Session Name: 99
Session Id: {{a different sid each refresh}} 


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=27688&edit=1

#27688 [Com]: Session names consisting of only numbers cause session id generation

Reply via email to