|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2003-10-21 08:37 UTC] php at webfreezer dot com
Description: ------------ PHP sometimes does not want to use the sessionID given via GET! This happens only on some occasions however it is reproducible on such a certain page. I regret that I cannot post a short code snippet because it simply does not happen when testing with a short code snippet. What happens is the following: - the SID is used as a GET parameter (this works on every other page!) - $sidname=session_name(); echo $_GET[$sidname] outputs the correct SID visible in the URL (e.g. "/search.php?page=2&qid=1&sessionID=1291bfd78301f151803ca632cd41f626") - however echo session_id() outputs a totally different SID! - both (old and new) SID files exist and are readable session.auto_start=0 session.use_cookies=0 session.use_only_cookies=0 session.referer_check=0 I even implemented my own session handler and it appears that PHP does not even call the OPEN function for the "old" SID that it no longer wants to use. I also tried to use the generic PHPSESSID name instead of the custom "sessionID" by not setting the custom name, but the problem still exists. This is my configure line: './configure' '--with-apache=../apache_1.3.28' '--with-mhash=/usr/local/lib' '--with-zlib-dir=/usr/local/lib' '--with-zip=/usr/local/lib' '--enable-memory-limit' '--enable-versioning' '--with-gd' '--enable-exif' '--with-config-file-path=/etc' '--enable-magic-quotes' '--enable-thread-safety' '--with-gettext' '--with-xml' '--with-mcrypt' '--enable-calendar' '--enable-bcmath' '--with-curl' '--with-curlwrappers' '--enable-ftp' '--enable-wddx' '--with-jpeg-dir=/usr/lib' PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Sun Aug 18 22:01:28 2024 UTC |
This still happens in Version 4.3.4 which is now installed on the live system. What I do: - ini_set(session settings...) - session_start() - accessing the session values via $_SESSION - I don?t use sesson_register() and session_unregister() - Post a form via GET -> error occurs? -> redirect via header() with attached SID -> display page -> PHP ignores given sessionID - URL e.g. error.php?e=noresults_city&qid=1&sessionID=92f9dcf7a0d89eaa2b0bc8f2e4dfd460&token=d03d28781b196bd362b9aeb7844e8e85 - session_id() however is different from "$_GET[session_name()]" then - The error occurs everytime a new session is used (e.g. accessing the website and submitting the form for the first time int the session) I found at least a workaround for that: // Auto-Reset to correct session data $sn=session_name(); if($_GET[$sn] != session_id()) { $sessionSavePath=ini_get("session.save_path"); $oldSessionContent=file_get_contents($sessionSavePath."/sess_".$_GET[$sn]); session_decode($oldSessionContent); } If the error occurs it is now fixed on-the-fly. This works _everytime_ when the error occurs. As I said before the session file exists, it is readable and can be accessed without any problems, so it?s no wonder this workaround works.