PHP :: Bug #47610 :: Block access to session file.

Bug #47610

Block access to session file.

Submitted:

2009-03-10 01:14 UTC

Modified:

2009-03-10 10:18 UTC

Votes:	1
Avg. Score:	3.0 ± 0.0
Reproduced:	0 of 1 (0.0%)

From:

lonelywolf at damagelab dot org

Assigned:

Status:

Not a bug

Package:

Session related

PHP Version:

5.2.9

OS:

Linux, Ubuntu 8.10

Private report:

CVE-ID:

None

View Add Comment Developer Edit

[2009-03-10 01:14 UTC] lonelywolf at damagelab dot org

Description:
------------
Hello. A mistake is noticed when you try paying for the session while working with it at this point.
I'm from Russia, therefore, to explain through an interpreter is not the best option, I will show you some example code, and you can understand the result of work.

Reproduce code:
---------------
Example source code: http://www.damagelab.org/dl/scripts/phpbuginsession.zip

zip.php - test file for sleep on wrok with session.
ajax.php - interface for example testing, include 2 ajax query.
ajax.js - library for used ajax.php
log.txt - debug log with result in real-time working

Expected result:
----------------
He must show for every ajax request(ajax.php?do=status):
46:[00:26:46] work 2
47:[00:26:46] work 2
48:[00:26:46] work 2
49:[00:26:49] work 3


Actual result:
--------------
52:[00:26:52] end

This finding does not immediately, but only when the script is run for zip.php and the latest result.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-03-10 10:18 UTC] jani@php.net

RTFM: http://php.net/session_write_close

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Apr 25 06:01:35 2024 UTC