php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #41853 Session shared between users
Submitted: 2007-06-29 15:22 UTC Modified: 2007-07-02 21:40 UTC
From: gundja at hotmail dot com Assigned:
Status: Not a bug Package: Session related
PHP Version: 5.2.3 OS: Redhat Enterprise
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: gundja at hotmail dot com
New email:
PHP Version: OS:

 

 [2007-06-29 15:22 UTC] gundja at hotmail dot com 
Description:
------------
Users share the same session when there is a peak of charge.
Actually, the process is:
User 1 starts a session with a specific session_id() (S1)
User 2 starts a session with a specific session_id() (S2)

User 1 clicks on links
User 2 clicks on links

When there a lot of session, User 1 session = S2...

Thank you very much for your help.

Reproduce code:
---------------
<?
//version 0.2
session_start();
echo("Server name:".$_SERVER["SERVER_ADDR"]);
echo("<br/>SESSION ID : ".session_id()."<br/>");		
$customControl = $_SERVER ['REMOTE_ADDR']."|".$_SERVER['HTTP_USER_AGENT']."|".$_SERVER['HTTP_ACCEPT_LANGUAGE']."|".session_id();
echo("Associated informations : <br/>".$customControl."<br/>");		
if(isset($_SESSION["CUSTOM_CONTROL"]))
{
	$controlFromSession = $_SESSION["CUSTOM_CONTROL"];
	echo("Informations from session : <br/>".$controlFromSession."<br/>");		
	if($customControl!=$controlFromSession)
	{
		echo("Informations from session and information provided by client are differents<br/>");							
		echo("We will destroy the session<br/>");							
		session_destroy();
		echo("Session is destroyed<br/>");							
		echo("Session will be started<br/>");							
		session_start();
		echo("Session is started<br/>");							
		$customControl = $_SERVER ['REMOTE_ADDR']."|".$_SERVER['HTTP_USER_AGENT']."|".$_SERVER['HTTP_ACCEPT_LANGUAGE']."|".session_id();
		echo("Value of custom control :<br/>".$customControl);							
	}
} 

$_SESSION["CUSTOM_CONTROL"] = $customControl;
echo("Value of Session :<br/>".$_SESSION["CUSTOM_CONTROL"]);
?>

Expected result:
----------------
SESSION ID : e1dd4e5ce39242a52c7db9d7f23fec8c
Associated informations :
195.68.126.90|Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4|en-us,en;q=0.5|e1dd4e5ce39242a52c7db9d7f23fec8c
Informations from session :
195.68.126.90|Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4|en-us,en;q=0.5|e1dd4e5ce39242a52c7db9d7f23fec8c
Value of Session :
195.68.126.90|Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4|en-us,en;q=0.5|e1dd4e5ce39242a52c7db9d7f23fec8c

Actual result:
--------------
SESSION ID : 979747d25bc9e21291aad70a1f886491
Associated informations :
195.68.126.90|Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4|en-us,en;q=0.5|979747d25bc9e21291aad70a1f886491
Informations from session :
82.228.147.184;Mozilla/5.0 (Windows: U: Windows NT 5.1: fr: rv:1.8.0.12) Gecko/20070508 Firefox/1.5.0.12;fr,fr-fr:q=0.8,en-us:q=0.5,en:q=0.3;979747d25bc9e21291aad70a1f886491;9508e4f5a18916a88ac39f0c64aecd0a
Informations from session and information provided by client are differents
We will destroy the session
Session is destroyed
Session will be started

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-06-29 16:49 UTC] gundja at hotmail dot com 
Important note :
PHP is a compiled version
The application is on 64B environment
 [2007-07-02 21:40 UTC] gundja at hotmail dot com 
It was a pb of caching in a web farm, sorry.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Tue Jul 15 23:01:33 2025 UTC