Bug #61470 [Com]: session_regenerate_id() do not create session file
Edit report at https://bugs.php.net/bug.php?id=61470edit=1 ID: 61470 Comment by: chris at netshake dot de Reported by:david at grudl dot com Summary:session_regenerate_id() do not create session file Status: Assigned Type: Bug Package:Session related Operating System: ANY PHP Version:5.4.0 Assigned To:yohgaki Block user comment: N Private report: N New Comment: This Workaround works well for me. // Session is already started session_regenerate_id( true ); // delete old session session_write_close(); // i'm not sure about that but it's required. session_start(); // reinitialize session with newly created id from 'session_regenerate_id()' I hope that future PHP-Versions will not make problems with this. Greets Chris Previous Comments: [2012-03-28 08:02:46] yohg...@php.net I have to deal with session ID collision detection in session_regenerate_id() for strict session. I think I found what's wrong. Assigned to myself. [2012-03-27 16:23:37] david at grudl dot com Usage of echo does not matter. [2012-03-25 21:00:29] riptide dot tempora at opinehub dot com How much of the bug is caused by having an echo before session_regenerate_id() which tries to send a new cookie to the end-user? [2012-03-22 14:27:49] david at grudl dot com Because this bug is very insidious and difficult to discover, I offer workaround https://github.com/nette/nette/commit/a4e4e80562cfb45d11d80e05d254fc207c456308#L0R241 $_SESSION is backed up before session_start() and restored to preserve the references. [2012-03-22 04:48:03] david at grudl dot com Description: session_start() creates and locks session file, but session_regenerate_id() doesn't do it. After session_regenerate_id() session is started with new ID, but the file is not created immediately (is created when session is closed) and therefore is not locked. I think this causes bugs like #49462. Test script: --- $path = ini_get('session.save_path') . '/sess_'; session_start(); // starts session creates and locks file echo is_file($path . session_id()); // - TRUE session_regenerate_id(); // starts new session, but file is not create! echo is_file($path . session_id()); // - FALSE -- Edit this bug report at https://bugs.php.net/bug.php?id=61470edit=1
Bug #61470 [Com]: session_regenerate_id() do not create session file
Edit report at https://bugs.php.net/bug.php?id=61470edit=1 ID: 61470 Comment by: riptide dot tempora at opinehub dot com Reported by:david at grudl dot com Summary:session_regenerate_id() do not create session file Status: Open Type: Bug Package:Session related Operating System: Windows 7 x64 PHP Version:5.4.0 Block user comment: N Private report: N New Comment: How much of the bug is caused by having an echo before session_regenerate_id() which tries to send a new cookie to the end-user? Previous Comments: [2012-03-22 14:27:49] david at grudl dot com Because this bug is very insidious and difficult to discover, I offer workaround https://github.com/nette/nette/commit/a4e4e80562cfb45d11d80e05d254fc207c456308#L0R241 $_SESSION is backed up before session_start() and restored to preserve the references. [2012-03-22 04:48:03] david at grudl dot com Description: session_start() creates and locks session file, but session_regenerate_id() doesn't do it. After session_regenerate_id() session is started with new ID, but the file is not created immediately (is created when session is closed) and therefore is not locked. I think this causes bugs like #49462. Test script: --- $path = ini_get('session.save_path') . '/sess_'; session_start(); // starts session creates and locks file echo is_file($path . session_id()); // - TRUE session_regenerate_id(); // starts new session, but file is not create! echo is_file($path . session_id()); // - FALSE -- Edit this bug report at https://bugs.php.net/bug.php?id=61470edit=1
Bug #61470 [Com]: session_regenerate_id() do not create session file
Edit report at https://bugs.php.net/bug.php?id=61470edit=1 ID: 61470 Comment by: david at grudl dot com Reported by:david at grudl dot com Summary:session_regenerate_id() do not create session file Status: Open Type: Bug Package:Session related Operating System: Windows 7 x64 PHP Version:5.4.0 Block user comment: N Private report: N New Comment: Because this bug is very insidious and difficult to discover, I offer workaround https://github.com/nette/nette/commit/a4e4e80562cfb45d11d80e05d254fc207c456308#L0R241 $_SESSION is backed up before session_start() and restored to preserve the references. Previous Comments: [2012-03-22 04:48:03] david at grudl dot com Description: session_start() creates and locks session file, but session_regenerate_id() doesn't do it. After session_regenerate_id() session is started with new ID, but the file is not created immediately (is created when session is closed) and therefore is not locked. I think this causes bugs like #49462. Test script: --- $path = ini_get('session.save_path') . '/sess_'; session_start(); // starts session creates and locks file echo is_file($path . session_id()); // - TRUE session_regenerate_id(); // starts new session, but file is not create! echo is_file($path . session_id()); // - FALSE -- Edit this bug report at https://bugs.php.net/bug.php?id=61470edit=1