|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2008-06-27 17:25 UTC] jerome dot auge at anakeen dot com
Description:
------------
I want to access two distinct sessions content, but I only get access to
the first session, and the second session_name/session_start does not
change the content of the $_SESSION variable which remains the same as
the first one.
After investigation, when switching session with a call to
session_name('another_session')+session_start(), the session ID from the
first session_start() is re-used, and the sess ID from the new session
name 'another_session' is not used.
Reproduce code:
---------------
1) Call 'set_sess1.php' to set a session named 'sess1':
<?php
session_name('sess1');
session_start();
$session_id = session_id();
$cookie = $_COOKIE['sess1'];
$_SESSION['sess1']='session1:'.$session_id;
print "cookie = ".$cookie."\n";
print "session_id = ".$session_id."\n";
print "_SESSION = ".$_SESSION['sess1']."\n";
session_write_close();
?>
2) Call 'set_sess2.php' to set a session named 'sess2':
<?php
session_name('sess2');
session_start();
$session_id = session_id();
$cookie = $_COOKIE['sess2'];
$_SESSION['sess2']='session2:'.$session_id;
print "cookie = ".$cookie."\n";
print "session_id = ".$session_id."\n";
print "_SESSION = ".$_SESSION['sess2']."\n";
session_write_close();
?>
3) Try to access both session variables in 'get_sess.php':
<?php
session_name('sess1');
session_start();
$sess1 = $_SESSION['sess1'];
session_write_close();
session_name('sess2');
session_start();
$sess2 = $_SESSION['sess2'];
session_write_close();
foreach ($_COOKIE as $k => $v) {
print "_COOKIE[$k] = $v\n";
}
print "sess1 = $sess1\n";
print "sess2 = $sess2\n";
?>
Expected result:
----------------
In 'get_sess.php', I expect to get access to the content of the 'sess2'
session by issuing a new session_name('sess2')+session_start(), but the
content of _SESSION remains the one from 'sess1'.
Expected output from 'get_sess.php':
_COOKIE[sess1] = n0f57lap2oabeqvfc6t6c0ap60
_COOKIE[sess2] = b4s2sr976f4qrbkimfh0i6kqm0
sess1 = session1:n0f57lap2oabeqvfc6t6c0ap60
sess2 = session2:b4s2sr976f4qrbkimfh0i6kqm0
Actual result:
--------------
Actuel output from 'get_sess.php':
_COOKIE[sess1] = 2ot2t22ccq0t9de2edhgcrh4h4
_COOKIE[sess2] = rt8jr3e6esvmp88id0e4o05091
sess1 = session1:2ot2t22ccq0t9de2edhgcrh4h4
sess2 =
The script also issue a "Set-Cookie: sess2=<value_from_sess1>", and I
end up with the cookies 'sess1' and 'sess2' having the same ID.
I got around it by setting the session ID manually with
session_id($_COOKIE['new_session']), after calling
session_name('new_session') and before session_start()... but I was
expecting PHP to handle this automatically...
So here is a proposal patch to de-allocate PS(id) when calling
session_write_close(), in order to force session_start() to lookup the
session ID from the session name:
--8<--
--- php-5.2.6.orig/ext/session/session.c 2008-04-29
16:42:38.000000000 +0200
+++ php-5.2.6/ext/session/session.c 2008-06-27 18:29:05.000000000
+0200
@@ -933,6 +933,11 @@
if (PS(mod_data))
PS(mod)->s_close(&PS(mod_data) TSRMLS_CC);
+
+ if (PS(id)) {
+ efree(PS(id));
+ PS(id) = NULL;
+ }
}
static char *month_names[] = {
-->8--
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Thu Nov 21 23:01:29 2024 UTC |
I've got the exact same problem, on my Linux/Apache/PHP Server AND my windows/Apache/PHP server. If you follow the documentation, a call to session_write_close(), session_name('MyNewSession') and session_start() should be sufficient to switch from one session to another, but it's not the case. Description: ------------ I want to open a existing session, read data in it, close it and then create a new session. Reproduce code: --------------- 1) Call 'set_sess1.php' to set a session named 'sess1': <?php session_name('sess1'); session_start(); $session_id = session_id(); // Do some stuff in sess1 $_SESSION['sess1']='session1:'.$session_id; // Print session content echo 'Session 1:<br />'; print_r($_SESSION); session_write_close(); ?> 2) Try to access 'sess1' data first AND THEN to create 'sess2' in the same script in 'view_sess1_create_sess2.php': <?php ob_start(); // session_name('sess1'); session_start(); // Do some stuff in sess1 $_SESSION['mydata'] = 'new update in sess1'; // Print session content echo 'Session 1:<br />'; print_r($_SESSION); // Save data into sess1 session_write_close(); // Create sess2 session_name('sess2'); session_start(); $session_id = session_id(); // Do some stuff in sess2 $_SESSION['sess2']='session2:'.$session_id; $_SESSION['mydata'] = 'new update in sess2'; // Print session content echo '<br /><br />Session 2:<br />'; print_r($_SESSION); session_write_close(); ob_end_flush() ?> Expected ouptut result: ----------------------- Session 1: Array ( [sess1] => session1:f0ed9cecd7a730784a9f6aed4c241887 [mydata] => new update in sess1 ) Session 2: Array ( [sess2] => session1:db0c904dd716126ddfc8e3db30e1ddda [mydata] => new update in sess2 ) Expected Set-Cookie header (SID different from sess1): ------------------------------------------------------ Set-Cookie: sess2=db0c904dd716126ddfc8e3db30e1ddda; path=/ Actual output result: --------------------- Session 1: Array ( [sess1] => session1:f0ed9cecd7a730784a9f6aed4c241887 [mydata] => new update in sess1 ) Session 2: Array ( [sess1] => session1:f0ed9cecd7a730784a9f6aed4c241887 [mydata] => new update in sess2 [sess2] => session2:f0ed9cecd7a730784a9f6aed4c241887 ) Actual Set-Cookie header (same SID as sess1): --------------------------------------------- Set-Cookie: sess2=f0ed9cecd7a730784a9f6aed4c241887; path=/ So php dosn't close sess1 properly, so the session still have the same SID. The patch I found is to use session_regenerate_id(false) and some patch: Patched code: ------------- <?php session_name('sess1'); session_start(); // Do some stuff in sess1 $_SESSION['mydata'] = 'new update before creating sess2'; // Save data into sess1 session_write_close(); // Create sess2 with sess1 id without resending a Set-Cookie header // Resending a Set-Cookie header would create a cookie sess2=<sess1_id> // Furthermore, if you don't do the session_start() here, session_regenerate_id // will have no effect ini_set('session.use_cookies',0); session_name('sess2'); session_start(); ini_set('session.use_cookies',1); // Create a new genuine session id and do the actual session_id($new_sess_id) silently, // then send a cookie to the client with the new id sess2=<new_sess2_id> $old_sess_id = session_id(); session_regenerate_id(false); $new_sess_id = session_id(); echo '<br />old : ' . $old_sess_id; echo '<br />new : ' . $new_sess_id; ?>There is a mistake in my Expected ouptut result: You should read session2 in the second array: [sess2] => session2:db0c904dd716126ddfc8e3db30e1ddda - Thanks, JP