PHP :: Bug #30240 :: session_start() launches new session everytime

Bug #30240	session_start() launches new session everytime
Submitted:	2004-09-26 09:59 UTC	Modified:	2004-09-28 22:53 UTC
From:	lassial at hotmail dot com	Assigned:
Status:	Not a bug	Package:	Session related
PHP Version:	4.3.8	OS:	win2k
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	lassial at hotmail dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2004-09-26 09:59 UTC] lassial at hotmail dot com

Description:
------------
With 4.3.8 win32 full bundle on Apache 1.3.xx
after upgrading from 4.2.3

Problem:
New session is initiated every time when session_start() is run. It sends user a new cookie ignoring the old one, which has been successfully delivered.

It seems that the built-in support will not correctly detect the cookie, althoug session_name() shows correctly the name of the id, that has been set earlier.

Changing the session cookie lifetime doesn't make any difference. I haven't tried with sticking to original session name set in the php.ini

php.ini:
session.auto_start Off Off
session.bug_compat_42 On On
session.bug_compat_warn On On

session.cache_expire 180 180
session.cache_limiter nocache nocache

session.cookie_domain no value no value
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off


session.gc_divisor 100 100
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1

session.name MYD MYD
session.referer_check 1 1

session.save_handler files files
session.save_path c:\temp\php c:\temp\php
session.serialize_handler php php

session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid Off Off


Reproduce code:
---------------
iniset("session.auto_start","0");
iniset("session.use_cookies","1");
iniset("session.cookie_lifetime",$mySessionLifetime);
session_name($mySessionName);

// check that the previously set SID cookie
// carries an id
echo "1: ".session_name().$_COOKIE[$mySessionName]

session_start();

// now, if everything went nicely, id would stay just the same
echo "2: ". session_name().session_id();

Expected result:
----------------
session id, as printed out in 1 and 2 should be the same, but it is not.

Degrading back to 4.2.3 removed this problem.

Actual result:
--------------
New session is started, looking at \temp\php shows that all the files for each session initiated still exist (although that is only an effect of this problem, as the sessions don't get killed from php properly and are to gc for later).

Looking at the browser, PHP attempts to change the cookie content everytime a request is made to session driven pages under cookie domain. Session can't be continued at all.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-09-28 22:53 UTC] sniper@php.net

Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions. 

Thank you for your interest in PHP.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2026 The PHP Group All rights reserved.	Last updated: Wed Feb 11 07:00:01 2026 UTC