From: Operating system: Linux PHP version: 5.3.8 Package: Session related Bug Type: Bug Bug description:session_id() - Limits on amount session_regenerate_id() can be used with sha512
Description: ------------ I am not sure if this is a bug or a feature in terms of limits due to a test case exceeding internal limits. Scenario #1. Using session_regenerate_id() over 39 times results in the following errors: Warning: session_regenerate_id() [function.session-regenerate-id]: Cannot regenerate session id - headers already sent Scenario #2. Using session_regenerate_id() over 19 times results in the following errors: Warning: session_regenerate_id() [function.session-regenerate-id]: Cannot regenerate session id - headers already sent; when the following parameters are modified: ini_set("session.entropy_file", "/dev/urandom"); ini_set("session.entropy_length", "512"); ini_set("session.hash_function", "sha512"); Test script: --------------- session_start(); function _regenIDdef($old){ session_regenerate_id(true); $_SESSION = $old; } function _prettyPrint($id, $i){ echo sprintf('Iteration: %d : ID: %s => Length: %d<br/>', $i, $id, strlen((string)$id)); } function _collide($array){ $x=0; foreach($array as $k => $v){ if (count(in_array($v, $array))>1){ $x = $x++; echo sprintf('Collision found at %d session id %s<br/>', $k, $v); } } echo sprintf('Total collisions found %d<br/>', $x); } function _loop($id, $int){ $a = array(); for($i=0; $i<$int; $i++){ _regenIDdef($id); _prettyPrint(session_id(), $i); $a[$i]=session_id(); } _collide($a); } echo '<b>Testing with PHP defaults</b><br/>'; _loop(session_id(), 40, 'a'); echo '<b>Testing with /dev/urandom & entropy 32</b><br/>'; ini_set("session.entropy_file", "/dev/urandom"); ini_set("session.entropy_length", "512"); ini_set("session.hash_function", "sha512"); _loop(session_id(), 20, 'a'); ?> Expected result: ---------------- No errors returning about not being able to regenerate a new session_id Actual result: -------------- Warning: session_regenerate_id() [function.session-regenerate-id]: Cannot regenerate session id - headers already sent -- Edit bug report at https://bugs.php.net/bug.php?id=55787&edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=55787&r=trysnapshot54 Try a snapshot (PHP 5.3): https://bugs.php.net/fix.php?id=55787&r=trysnapshot53 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=55787&r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=55787&r=fixed Fixed in SVN and need be documented: https://bugs.php.net/fix.php?id=55787&r=needdocs Fixed in release: https://bugs.php.net/fix.php?id=55787&r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=55787&r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=55787&r=needscript Try newer version: https://bugs.php.net/fix.php?id=55787&r=oldversion Not developer issue: https://bugs.php.net/fix.php?id=55787&r=support Expected behavior: https://bugs.php.net/fix.php?id=55787&r=notwrong Not enough info: https://bugs.php.net/fix.php?id=55787&r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=55787&r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=55787&r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=55787&r=php4 Daylight Savings: https://bugs.php.net/fix.php?id=55787&r=dst IIS Stability: https://bugs.php.net/fix.php?id=55787&r=isapi Install GNU Sed: https://bugs.php.net/fix.php?id=55787&r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=55787&r=float No Zend Extensions: https://bugs.php.net/fix.php?id=55787&r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=55787&r=mysqlcfg