From: phpbug at reider dot net Operating system: debian PHP version: 5.3.1RC2 PHP Bug Type: Session related Bug description: 1st request after expiration loads session data but not subsequent request
Description: ------------ sessions don't appear to expire when expected. for example: a logon request arrives and the app calls session_start() and stores authentication data in the session. session.gc_maxlifetime+n seconds later, a 2nd request arrives. The authentication data is loaded and the 2nd request is processed as if the session is active. A few seconds later a 3rd request arrives; in the 3rd request all the session data is gone, as if the session only just timed out even though the user requested immediately after the 2nd response. Apparently, php deserializes session data and does gc() (if it is to be done) afterwards; so in the 2nd request, the data is loaded into the session, *then* the files are removed. I expected that the 2nd, not 3rd request would have no session data Wouldn'tm it makeore sense to gc *before* loading the session data? That way, it would be the *2nd* request to perceive a session timeout, instead of the 3rd. Reproduce code: --------------- I have session.gc_probability=100 and session.gc_divisor=100 to run gc on each request. Expected result: ---------------- I expected that the 2nd, not 3rd request would have the session data not deserialized. While in practice it will usually be the case that the the gc will occur in a different users process, nevertheless, I suggest that if session_start() does a gc which results in the session data being removed, it should not also load it into the session. -- Edit bug report at http://bugs.php.net/?id=50066&edit=1 -- Try a snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=50066&r=trysnapshot52 Try a snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=50066&r=trysnapshot53 Try a snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=50066&r=trysnapshot60 Fixed in SVN: http://bugs.php.net/fix.php?id=50066&r=fixed Fixed in SVN and need be documented: http://bugs.php.net/fix.php?id=50066&r=needdocs Fixed in release: http://bugs.php.net/fix.php?id=50066&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=50066&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=50066&r=needscript Try newer version: http://bugs.php.net/fix.php?id=50066&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=50066&r=support Expected behavior: http://bugs.php.net/fix.php?id=50066&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=50066&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=50066&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=50066&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=50066&r=php4 Daylight Savings: http://bugs.php.net/fix.php?id=50066&r=dst IIS Stability: http://bugs.php.net/fix.php?id=50066&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=50066&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=50066&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=50066&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=50066&r=mysqlcfg