This has been fixed in PHP 4.0.1. Please upgrade.

I am sorry, but the reported errors are still in verson 4.0.1 pl2. 

"session.gc_probability = 100" setting in PHP.INI delete ALL other sessions 
(only one session can be used at the time - if are connected 2 clients to 
server, the second client owerwrites or deletes session of the first client, 
etc.). 

"session.gc_maxlifetime" also does not work = I can read values from the 
session while the session is manualy deleted  (when "session.gc_probability 
is set to 1). 

The session_destroy() function also does not work (Values of variables are 
still in the session file after calling this function). 

Other session related functions works OK. 

Tested OS:  Windows 2000 Professional 
PHP version: 4.0.1 pl2 with included PHP.INI-DIST (CGI) 
WWW server: Apache 1.3.12 running as a service. 

Jiri Kori

seems to be a windows-only problem,
maybe related to atime and unlink
incompatibilites?

Do you use NTFS or FAT on partition where session files are stored?

I use FAT32. I will try NTSF tomorow...

Please, download and try my sample scipts from 

http://www.webace.cz/session.zip

There is my PHP.INI for testing use also...

Please attach your test scripts into this report directly.

(We are so lazy that we don't want to go and download
something from some url and then unzip it and then attach
it here by ourselves..=)

And by attaching those scripts here, they will be available
all time even if your site is down or you decide to delete 
that zip-file.

--Jani

To Jani: OK, there are my sample scripts :-)


----- index.php ----

<?php

	
	session_name("uid");
	session_start();

	session_register("param1");	
	
	$param1 = "registered";

	$t = "Value of param1 is  <b>" . $param1 . "</b></br>";

	$t .= "Session ID is: <b>" . session_id() . "</b><br><br>";

	$t .= "SID is: <b>" . SID . "</b><br><br>";

	$t .= "<a href=\"test.php?" . SID . "\">Click here</a>";		

	print($t);

?>



------ test.php -----


<?php

	
	session_name("uid");
	session_start();

	$t = "Value of param1 is  <b>" . $param1 . "</b></br>";

	$t .= "Session ID is: <b>" . session_id() . "</b><br><br>";

	$t .= "SID is: <b>" . SID . "</b><br><br>";

	$t .= "<a href=\"test.php?" . SID . "\">Click here after 60 seconds</a><br>";		

	$t .= "<a href=\"destroy.php?" . SID . "\">Click here to destroy session</a>";		

	print($t);

?>





------ destroy.php ------

<?php

	
	session_name("uid");
	session_start();

	session_destroy();

	$t = "Value of param1 is  <b>" . $param1 . "</b></br>";

	$t .= "Session ID is: <b>" . session_id() . "</b><br><br>";

	$t .= "SID is: <b>" . SID . "</b><br><br>";

	$t .= "<a href=\"test.php?" . SID . "\">Click here</a><br>";	

	print($t);

?>





----- PHP.INI (session section) -----


[Session]
session.save_handler      = files   ; handler used to store/retrieve data
session.save_path         = C:/WINNT/Temp    ; argument passed to save_handler
                                    ; in the case of files, this is the
                                    ; path where data files are stored
session.use_cookies       = 0       ; whether to use cookies
session.name              = PHPSESSID  
                                    ; name of the session
                                    ; is used as cookie name
session.auto_start        = 0       ; initialize session on request startup
session.cookie_lifetime   = 0       ; lifetime in seconds of cookie
                                    ; or if 0, until browser is restarted
session.cookie_path       = /       ; the path the cookie is valid for
session.cookie_domain     =         ; the domain the cookie is valid for
session.serialize_handler = php     ; handler used to serialize data
                                    ; php is the standard serializer of PHP
session.gc_probability    = 1      ; percentual probability that the 
                                    ; 'garbage collection' process is started
                                    ; on every session initialization
session.gc_maxlifetime    = 60    ; after this number of seconds, stored
                                    ; data will be seen as 'garbage' and
                                    ; cleaned up by the gc process
session.referer_check     =         ; check HTTP Referer to invalidate 
                                    ; externally stored URLs containing ids
session.entropy_length    = 0       ; how many bytes to read from the file
session.entropy_file      =         ; specified here to create the session id
; session.entropy_length    = 16
; session.entropy_file      = /dev/urandom
session.cache_limiter     = nocache ; set to {nocache,private,public} to
                                    ; determine HTTP caching aspects
session.cache_expire      = 180     ; document expires after n minutes



-----------------------------

Other options in PHP.INI are default.

Please, try also set "session.gc_probability = 100" in PHP.INI and run these scripts from two browser windows (it simulates 2 connected users) and you will see how second user with other UID ovewrites session od the first user.

PHP: 4.0.1pl2
Tested OS: W2K PRO & SERVER
WWW: Apache 1.3.12 & IIS 5.0


Jiri Kori

Please try php4.0.2 or preferrably latest CVS or snapshot.

--Jani

I'm sorry I can't test the snapshots because I haven't MS VC++.

I tested the latest release version 4.0.3 with my sample scripts and the same PHP.INI's setting I post with my previous comments.

I'm sorry,  there are still ALL errors I reported before.

Calling Session_Destoy() function wrote:  Warning: Session object destruction failed in c:\www\session\destroy.php on line 7

I found a new bug, maybe :-)  When the "session.use_trans_sid = 1", SID is attached to all IMG tags in script also.

For example <img src="image.gif" width="100" height="80" alt=""> is after execution of the script changed to <img src="image.gif?uid=e7ad41c1e3fc6d775886a520ee4a6e50" width="100" height="80" alt="">.



OS: Windows 2000 server with SP1
PHP: 4.0.3 php4isapi.dll with IIS or PHP.EXE with Apache 3.1.12
PHP.INI-DIST included in 4.0.3 ZIP file with session settings:

[Session]
session.save_handler      = files   ; handler used to store/retrieve data
session.save_path         = C:/WINNT/Temp    ; argument passed to save_handler
                                    ; in the case of files, this is the
                                    ; path where data files are stored
session.use_cookies       = 0       ; whether to use cookies
session.name              = PHPSESSID  
                                    ; name of the session
                                    ; is used as cookie name
session.auto_start        = 0       ; initialize session on request startup
session.cookie_lifetime   = 0       ; lifetime in seconds of cookie
                                    ; or if 0, until browser is restarted
session.cookie_path       = /       ; the path the cookie is valid for
session.cookie_domain     =         ; the domain the cookie is valid for
session.serialize_handler = php     ; handler used to serialize data
                                    ; php is the standard serializer of PHP
session.gc_probability    = 1 (OR 100)       ; percentual probability that the 
                                    ; 'garbage collection' process is started
                                    ; on every session initialization
session.gc_maxlifetime    = 1440    ; after this number of seconds, stored
                                    ; data will be seen as 'garbage' and
                                    ; cleaned up by the gc process
session.referer_check     =         ; check HTTP Referer to invalidate 
                                    ; externally stored URLs containing ids
session.entropy_length    = 0       ; how many bytes to read from the file
session.entropy_file      =         ; specified here to create the session id
; session.entropy_length    = 16
; session.entropy_file      = /dev/urandom
session.cache_limiter     = nocache ; set to {nocache,private,public} to
                                    ; determine HTTP caching aspects
session.cache_expire      = 180     ; document expires after n minutes
session.use_trans_sid     = 0       ; use transient sid support if enabled
                                    ; by compiling with --enable-trans-sid
                                    
----------------------------                                    

Please, try my sample scripts I post with my previous comments...


--Kori

can you please try a actual dev version, i.e. from www.php4win.de an report which problems are still persistent?

I tested PHP version php4.0.4-dev-win32-20001022 with my sample scripts and there is my results:

Corrected bugs:

1) Session_Destroy() functions works fine. Session files are successfully deleted from Temp directory.
2) When "session.use_trans_sid = 1", SID is attached only to A HREF, FORMS, etc tags and is not attached to IMG tags. It's OK.

Open bugs:

1) "session.gc_maxlifetime" does not work - I set this to 60 sec, but I can read values from the session even this time was expired. (I start the session and then I wait more than 60 sec before I will call other script)

2) When I set "session.gc_probability = 100"  in PHP.INI, ALL other session files are deleted (only one session can be used at the time - if are connected 2 clients to server, the second client owerwrites or deletes session of the first client, etc.). 
This bug is maybe related to "session.gc_maxlifetime" bug.

------------------------

Tested OS: W2K server with SP1
Web server: Apache 3.1.12 
PHP: php4.0.4-dev-win32-20001022 (CGI)


Session settings in my PHP.INI
---------------------------------------
[Session]
session.save_handler      = files   ; handler used to store/retrieve data
session.save_path         = C:/WINNT/Temp    ; argument passed to save_handler
                                    ; in the case of files, this is the
                                    ; path where data files are stored
session.use_cookies       = 0       ; whether to use cookies
session.name              = PHPSESSID  
                                    ; name of the session
                                    ; is used as cookie name
session.auto_start        = 0       ; initialize session on request startup
session.cookie_lifetime   = 0       ; lifetime in seconds of cookie
                                    ; or if 0, until browser is restarted
session.cookie_path       = /       ; the path the cookie is valid for
session.cookie_domain     =         ; the domain the cookie is valid for
session.serialize_handler = php     ; handler used to serialize data
                                    ; php is the standard serializer of PHP
session.gc_probability    = 100       ; percentual probability that the 
                                    ; 'garbage collection' process is started
                                    ; on every session initialization
session.gc_maxlifetime    = 60    ; after this number of seconds, stored
                                    ; data will be seen as 'garbage' and
                                    ; cleaned up by the gc process
session.referer_check     =         ; check HTTP Referer to invalidate 
                                    ; externally stored URLs containing ids
session.entropy_length    = 0       ; how many bytes to read from the file
session.entropy_file      =         ; specified here to create the session id
; session.entropy_length    = 16
; session.entropy_file      = /dev/urandom
session.cache_limiter     = nocache ; set to {nocache,private,public} to
                                    ; determine HTTP caching aspects
session.cache_expire      = 180     ; document expires after n minutes
session.use_trans_sid     = 0       ; use transient sid support if enabled
                                    ; by compiling with --enable-trans-sid
url_rewriter.tags         = "a=href,area=href,frame=src,input=src,form=fakeentry"

-----------------------------

Sorry for my bad English :-)

-- Kori

You have only misunderstood the meanings:

session.gc_maxlifetime -> Max lifetime of data. After
this time has elapsed data is considered being garbage.

session.gc_probability -> Percentual propability for
garbage cleaning to be executed. 

100% probability happens always.. 1% happens less often.

--Jani

User feedback:
--------------

1) "session.gc_maxlifetime" does not work - I set this to 60 sec, but I can read values from the session even this time was expired. (I start the session and then I wait
more than 60 sec before I will call other script)

2) When I set "session.gc_probability = 100"  in PHP.INI, ALL other session files are deleted (only one session can be used at the time - if are connected 2 clients to
server, the second client owerwrites or deletes session of the first client, etc.). 
This bug is maybe related to "session.gc_maxlifetime" bug.
---------------

I tried this myself on Linux -> Works as expected.
But as I don't have any Windows to test this on,
I just have to trust the user that this isn't working..

User tested with php4.0.4-dev-win32-20001123

Could someone using Windows try and check this out??

--Jani

Verified on WIn 2k IIS 5, ISAPI dll.

Jani & I checked this was the case on my system too. we think it appears to be releated to atime and ulink (We think..)

James

Is this still the behaviour of the latest RC?

http://phpuk.org/~james/php-4.1.0RC3-win32.zip

Feedback.

No feedback. Closing.

The reported errors are still in verson 4.1.2.

System: w2k, CGI-version.

It seems it never worked under windows.
Reopen

After I tried about a week, by just setting the lifetime VERY high (40000 first), maybe I can give a hint:

With this very high value it worked, so I tried where exactly was the critical point. It was somewhat about 32000. Slightly below, all session files were deleted as described, slightly over not. But then the error reoccurred with the same value. 

After some tries I found out the following: I set back the time on the server one hour and it worked again. Here the times and the critical points:

At 9:24 local time : 30290 
At 10:28 : 34100

34100-30290=3810, which would be 63.5 minutes when interpretad as seconds, which is the server's time difference...

Since 10:28 means 37680 s since 0:00, there seems to be an additional hour - maybe due to GMT setting (+1) I thought, but it was the automatic daylight saving (or is it called summer time???) setting. When turned off, at 9:45 the point was at 35100=9.75 hours...

I hope that helps... ;-)

-- mike

I've exactly the same problem with Windows 2000, php 4.2.0 and apache 1.3

I really don't see anybody with any interest in writing code to make this work on FAT filesystems.  Don't run web servers on crap filesystems.  If you do, write your own session handler.  Same goes for filesystems where file modification timestamps are ignored.  Write your own session handler and manage the garbage collection yourself.  We'll need to document this, of course, so marking this as a documentation problem.

The fact that the filebased session handler needs a filesystem with atime support has now been documented.

I did some testing as Mike did ([31 31 Mar 3:49am] bergmann@evisio.de) and I try to see what is the exact value to be set for gc_maxlifetime to work in my sistem.

BTW I use win2000+iis5+php4.2.2.

I was very surprised to see that value 37000 worked for a period of time but later the minimum was 38000 and so on.
So it's something related to sistem time not files(to be considered garbage) In fact garbage control in windows work like this:

at gc_maxlifetime seconds from midnight all other session files are deleted - definitly a bug.

Corneliu

I experienced this problem with session_destroy() running PHP 4.2.3 on Windows 2000 Server SP3 and IIS 5.0.

The issue was indeed FAT vs NTFS, but not just because of the file system, but because I had not given my INET_computername account MODIFY access to the sessiondata directory.  

This is documented on php.net, however I somehow missed it when I first assigned permissions to the sessiondata directory (I initally put only  Read & Execute, List, Write and Read)

I have the same problem that you, but in linux(Red Hat) and I am sure that he is bug so that in previous versions walked well, script, somebody can give a hand me?

it excuses by my ingles

i have a problem i am unable to set the session life time 2 based on conditions session.gc_maxlifetime to 3600 and session.gc_maxlifetime to 1800 in the ini_set.
But i was able to set it through .htaccess file to one time only. any body can help. I am running winXP php 4.3.2 runs as module.