Bug #61470 [Com]: session_regenerate_id() do not create session file
Edit report at https://bugs.php.net/bug.php?id=61470edit=1
ID: 61470
Comment by: chris at netshake dot de
Reported by:david at grudl dot com
Summary:session_regenerate_id() do not create session file
Status: Assigned
Type: Bug
Package:Session related
Operating System: ANY
PHP Version:5.4.0
Assigned To:yohgaki
Block user comment: N
Private report: N
New Comment:
This Workaround works well for me.
// Session is already started
session_regenerate_id( true ); // delete old session
session_write_close(); // i'm not sure about that but it's required.
session_start(); // reinitialize session with newly created id from
'session_regenerate_id()'
I hope that future PHP-Versions will not make problems with this.
Greets Chris
Previous Comments:
[2012-03-28 08:02:46] yohg...@php.net
I have to deal with session ID collision detection in session_regenerate_id()
for
strict session.
I think I found what's wrong. Assigned to myself.
[2012-03-27 16:23:37] david at grudl dot com
Usage of echo does not matter.
[2012-03-25 21:00:29] riptide dot tempora at opinehub dot com
How much of the bug is caused by having an echo before session_regenerate_id()
which tries to send a new cookie to the end-user?
[2012-03-22 14:27:49] david at grudl dot com
Because this bug is very insidious and difficult to discover, I offer
workaround
https://github.com/nette/nette/commit/a4e4e80562cfb45d11d80e05d254fc207c456308#L0R241
$_SESSION is backed up before session_start() and restored to preserve the
references.
[2012-03-22 04:48:03] david at grudl dot com
Description:
session_start() creates and locks session file, but session_regenerate_id()
doesn't do it. After session_regenerate_id() session is started with new ID,
but the file is not created immediately (is created when session is closed) and
therefore is not locked.
I think this causes bugs like #49462.
Test script:
---
$path = ini_get('session.save_path') . '/sess_';
session_start();
// starts session creates and locks file
echo is_file($path . session_id()); // - TRUE
session_regenerate_id();
// starts new session, but file is not create!
echo is_file($path . session_id()); // - FALSE
--
Edit this bug report at https://bugs.php.net/bug.php?id=61470edit=1
Bug #61470 [Com]: session_regenerate_id() do not create session file
Edit report at https://bugs.php.net/bug.php?id=61470edit=1
ID: 61470
Comment by: riptide dot tempora at opinehub dot com
Reported by:david at grudl dot com
Summary:session_regenerate_id() do not create session file
Status: Open
Type: Bug
Package:Session related
Operating System: Windows 7 x64
PHP Version:5.4.0
Block user comment: N
Private report: N
New Comment:
How much of the bug is caused by having an echo before session_regenerate_id()
which tries to send a new cookie to the end-user?
Previous Comments:
[2012-03-22 14:27:49] david at grudl dot com
Because this bug is very insidious and difficult to discover, I offer
workaround
https://github.com/nette/nette/commit/a4e4e80562cfb45d11d80e05d254fc207c456308#L0R241
$_SESSION is backed up before session_start() and restored to preserve the
references.
[2012-03-22 04:48:03] david at grudl dot com
Description:
session_start() creates and locks session file, but session_regenerate_id()
doesn't do it. After session_regenerate_id() session is started with new ID,
but the file is not created immediately (is created when session is closed) and
therefore is not locked.
I think this causes bugs like #49462.
Test script:
---
$path = ini_get('session.save_path') . '/sess_';
session_start();
// starts session creates and locks file
echo is_file($path . session_id()); // - TRUE
session_regenerate_id();
// starts new session, but file is not create!
echo is_file($path . session_id()); // - FALSE
--
Edit this bug report at https://bugs.php.net/bug.php?id=61470edit=1
Bug #61470 [Com]: session_regenerate_id() do not create session file
Edit report at https://bugs.php.net/bug.php?id=61470edit=1
ID: 61470
Comment by: david at grudl dot com
Reported by:david at grudl dot com
Summary:session_regenerate_id() do not create session file
Status: Open
Type: Bug
Package:Session related
Operating System: Windows 7 x64
PHP Version:5.4.0
Block user comment: N
Private report: N
New Comment:
Because this bug is very insidious and difficult to discover, I offer
workaround
https://github.com/nette/nette/commit/a4e4e80562cfb45d11d80e05d254fc207c456308#L0R241
$_SESSION is backed up before session_start() and restored to preserve the
references.
Previous Comments:
[2012-03-22 04:48:03] david at grudl dot com
Description:
session_start() creates and locks session file, but session_regenerate_id()
doesn't do it. After session_regenerate_id() session is started with new ID,
but the file is not created immediately (is created when session is closed) and
therefore is not locked.
I think this causes bugs like #49462.
Test script:
---
$path = ini_get('session.save_path') . '/sess_';
session_start();
// starts session creates and locks file
echo is_file($path . session_id()); // - TRUE
session_regenerate_id();
// starts new session, but file is not create!
echo is_file($path . session_id()); // - FALSE
--
Edit this bug report at https://bugs.php.net/bug.php?id=61470edit=1
