php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #16044 crashing apparently in session module
Submitted: 2002-03-13 12:23 UTC Modified: 2002-08-23 23:23 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: eblade at blackmagik dot dynup dot net Assigned:
Status: Closed Package: Session related
PHP Version: 4.1.2 OS: Linux 2.4.7
Private report: No CVE-ID: None
View Developer Edit
 [2002-03-13 12:23 UTC] eblade at blackmagik dot dynup dot net 
Using any handler BUT files for sessions seems to crash the PHP program nine times out of ten - once the session is registered, however, it seems to operate just fine.

Here's my session code, hope it will help.  

<?PHP
require_once 'db.php';
$debug_session = 0;
$SESS_DBNAME = "mage";
$SESS_DBTABLE = "sessions";
//$SESS_LIFE = get_cfg_var("session.gc_maxlifetime");
$SESS_LIFE = 1800; // session data not refresh could run for 30 min?

function sess_open($save_path, $session_name) { 
    global $SESS_DBNAME, $SESS_DBTABLE, $debug_session;
    return true;
}

function sess_close() { 
    global $debug_session;
    return true; 
}

function sess_read($key) {
    global $debug_session, $SESS_DBNAME, $SESS_DBTABLE;
    if($debug_session) echo "sess_read($key)<BR>";
	$q = "SELECT svalue FROM $SESS_DBTABLE WHERE sesskey='$key' AND expire < ".time();
	$dbr = db_request($q);
	if($dbr && mysql_num_rows($dbr)) {
		$q = "DELETE FROM $SESS_DBTABLE WHERE sesskey='$key'";
		db_request($q);
		header("Location: expire.php");
		exit;
	}
    $q = "SELECT svalue FROM $SESS_DBTABLE WHERE sesskey='$key' AND expire > " . time();
	$dbr = db_request($q);
    if($debug_session) echo "msql($q) returns $dbr<BR>";
    if(!$dbr) return false;
    $value = mysql_fetch_row($dbr); 
    if($debug_session) echo "sess_read returning $value[0]<BR>";
    return $value[0];
}

function sess_write($key, $val) {
    global $user,$debug_session, $SESS_LIFE, $SESS_DBNAME, $SESS_DBTABLE;
    $expire = time() + (60 * 30);
    $value = addslashes($val);
    $q = "INSERT INTO $SESS_DBTABLE VALUES ('$key', $expire, '$value', '$user[username]', '$user[location]', '$user[activity]')";
	$dbr = db_request($q);
    if($debug_session) echo "sess_write($key, $val)<BR>msql($q) returns $dbr<BR>";
    if(!$dbr) {
        $q = "UPDATE $SESS_DBTABLE SET location='$user[location]',activity='$user[activity]',username='$user[username]',expire=$expire,svalue='$value' WHERE sesskey = '$key' AND expire > " . time();
	$dbr = db_request($q);
    }
    if($debug_session) echo "sess_write() returning $dbr<BR>";
    return $dbr;
}

function sess_destroy($key) {
    global $debug_session, $SESS_DBNAME, $SESS_DBTABLE;
    $q = "DELETE FROM $SESS_DBTABLE WHERE sesskey = '$key'";
    $dbr = db_request($q);
    if($debug_session) echo "sess_destroy($key)<BR>msql($q) return $dbr<BR>";
    return $dbr;
}

function sess_gc($maxlifetime) {
    global $SESS_DBNAME, $SESS_DBTABLE;
    $q = "DELETE FROM $SESS_DBTABLE WHERE expire < " . time();
    $dbr = db_request($q);
    return mysql_affected_rows();
}

function session_dump() {
    $session_array = explode(';',session_encode());
    $html = "<!-- SESSION VARIABLE DUMP\n\n";
    for($x = 0; $x < count($session_array); $x++) {
        $html .= " $session_array[$x] \n";
    }
    $html .= " -->\n\n";
    echo $html;
}

function query_present($loc) {
	global $SESS_DBTABLE;
	$q = "location='$loc' and expire > ".time();
	$f = "username,activity";
	$dbr = db_array($SESS_DBTABLE, $q, $f);
	if(!$dbr) return 0;
	while($x = each($dbr)) {
		$ret[$x['value']['username']] = $x['value']['activity'];
	}
	return $ret;
}

function query_num_online() {
	global $SESS_DBTABLE;
	$q = "expire > ".time();
	$f = "count(*)";
	$dbr = db_single($SESS_DBTABLE, $q, $f);
	return $dbr[0];
}



session_set_save_handler("sess_open", "sess_close", "sess_read",
                         "sess_write", "sess_destroy", "sess_gc");
?>

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-03-13 12:24 UTC] eblade at blackmagik dot dynup dot net 
db_request() just sends whatever string to the sql database, and db_single() returns a single result from a specified query, if that helps.
 [2002-03-19 05:07 UTC] yohgaki@php.net 
To properly diagnose this bug, we need a backtrace to see what is
happening behind the scenes. To find out how to generate a backtrace,
please read http://bugs.php.net/bugs-generating-backtrace.php

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open".
 [2002-03-21 16:40 UTC] eblade at blackmagik dot dynup dot net 
backtrace as follows (this looks strange to me.. i did compile with --enable-debug though..):

Program received signal SIGSEGV, Segmentation fault.
zend_hash_add_or_update (ht=0x40506514, 
    arKey=0x80f96e8 "?\226\017\b\b\227\017\b\f", nKeyLength=135239400, 
    pData=0xbfffee7c, nDataSize=4, pDest=0x0, flag=2) at zend_hash.h:197
197			h ^= (ulong) *arKey++;
(gdb) 
Continuing.
Cannot find user-level thread for LWP 8505: generic error
(gdb) bt
#0  zend_hash_add_or_update (ht=Error accessing memory address 0xbfffee50: No such process.
) at zend_hash.h:197
Error accessing memory address 0x4042901c: No such process.
 [2002-04-02 08:53 UTC] yohgaki@php.net 
I actually read your code now.
You should return string type from read function _always_.
It's well known session bug, though.
Duplicate of #14529.
 [2002-04-02 08:58 UTC] yohgaki@php.net 
I actually read your code now.
You should return string type from read function _always_.
It's well known session bug, though.
Duplicate of #14529.
 [2002-08-23 22:37 UTC] sniper@php.net 
Please try using this CVS snapshot:

  http://snaps.php.net/php4-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-latest.zip
 [2002-08-23 23:07 UTC] eblade at blackmagik dot dynup dot net 
I just got an email to try the latest CVS -- I believe the problem was fixed in 4.2.0, though I did just fix the code as was suggested.
 [2002-08-23 23:23 UTC] sniper@php.net 
Rasmus said he couldn't reproduce this with latest CVS at least..so assumed it's fixed then.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sun Oct 26 13:00:02 2025 UTC