php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #55267 session_regenerate_id fails after header sent even if session.use_cookies = 0
Submitted: 2011-07-22 12:00 UTC Modified: 2011-08-29 21:19 UTC
Votes:2
Avg. Score:3.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: jesse dot hallam at gmail dot com Assigned: bjori (profile)
Status: Closed Package: Session related
PHP Version: 5.3.6 OS: Linux
Private report: No CVE-ID: None
 [2011-07-22 12:00 UTC] jesse dot hallam at gmail dot com
Description:
------------
When unit testing session-related code in a CLI environment, appropriate PHP ini settings combined with passing false to session_cache_limiter can allow sessions to be started even if output has been already sent.

Unfortunately, session_regenerate_id() fails unconditionally even when no cookie headers would have been sent:

// session.c, session_regenerate_id
if (SG(headers_sent)) {
    php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot regenerate session id - headers already sent");
    RETURN_FALSE;
}

// session.c, php_session_reset_id
if (PS(use_cookies) && PS(send_cookie)) {
    php_session_send_cookie(TSRMLS_C);
    PS(send_cookie) = 0;
}

Is this just an oversight? Or intentional?

Test script:
---------------
<?php
ini_set( 'session.use_cookies', 0 );
ini_set( 'session.use_only_cookies', 0 );
ini_set( 'session.use_trans_id', 1 );

// Don't send headers!
session_cache_limiter( false );

echo 'test';

// Succeeds
session_start();

// Fails
session_regenerate_id();
?>

Expected result:
----------------
No warnings or errors.
Output: 
test

Actual result:
--------------
testPHP Warning:  session_regenerate_id(): Cannot regenerate session id - headers already sent in /home/jesse.hallam/tmp/session_test.php on line 15
PHP Stack trace:
PHP   1. {main}() /home/jesse.hallam/tmp/session_test.php:0
PHP   2. session_regenerate_id() /home/jesse.hallam/tmp/session_test.php:15


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-07-22 12:01 UTC] jesse dot hallam at gmail dot com
-Summary: session_regenerate_id fails after header sent even if ini.use_cookies = 0 +Summary: session_regenerate_id fails after header sent even if session.use_cookies = 0
 [2011-07-22 12:01 UTC] jesse dot hallam at gmail dot com
Correcting summary so as not to suggest an invalid ini setting is being used.
 [2011-08-29 21:19 UTC] bjori@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: bjori
 [2011-08-29 21:19 UTC] bjori@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.


 [2011-08-29 21:20 UTC] bjori@php.net
Automatic comment from SVN on behalf of bjori
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=315744
Log: fixed bug #55267 - session_regenerate_id fails after header sent even if session.use_cookies = 0
 [2012-04-18 09:49 UTC] laruence@php.net
Automatic comment on behalf of bjori
Revision: http://git.php.net/?p=php-src.git;a=commit;h=53bfe7648949f64e90b2402d7ff5609a98cade51
Log: fixed bug #55267 - session_regenerate_id fails after header sent even if session.use_cookies = 0
 [2012-07-24 23:40 UTC] rasmus@php.net
Automatic comment on behalf of bjori
Revision: http://git.php.net/?p=php-src.git;a=commit;h=53bfe7648949f64e90b2402d7ff5609a98cade51
Log: fixed bug #55267 - session_regenerate_id fails after header sent even if session.use_cookies = 0
 [2013-11-17 09:36 UTC] laruence@php.net
Automatic comment on behalf of bjori
Revision: http://git.php.net/?p=php-src.git;a=commit;h=53bfe7648949f64e90b2402d7ff5609a98cade51
Log: fixed bug #55267 - session_regenerate_id fails after header sent even if session.use_cookies = 0
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 09:01:32 2024 UTC