PHP :: Bug #30789 :: New Session created for every session

Bug #30789	New Session created for every session_start() call.
Submitted:	2004-11-15 07:08 UTC	Modified:	2004-11-15 08:36 UTC
From:	spam at taylorw dot com	Assigned:
Status:	Not a bug	Package:	Session related
PHP Version:	Irrelevant	OS:	Linux - 2.6.8-gentoo-r3
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	spam at taylorw dot com
New email:
PHP Version:		OS:

New Comment:

[2004-11-15 07:08 UTC] spam at taylorw dot com

Description:
------------
I have tried 4.3.9 and 5.0.2 (both emerged via gentoo) with various Apache 2.0.5x versions (currently using 2.0.52)... none seem to solve this problem. Anytime session_start(); is called a new session is created, along with a new session_id. I have verified that /tmp is where the sessions are being stored, and have watched the directory as I refreshed a page with nothing but session_start(); in it, and a new session is created each time. And session autostart is not on in php.ini.

Relevant php.ini information:

session.save_handler = files
session.save_path = /tmp
session.use_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain = 
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor     = 100
session.gc_maxlifetime = 1440
session.bug_compat_42 = 1
session.bug_compat_warn = 1
session.referer_check =
session.entropy_length = 0
session.entropy_file =
;session.entropy_length = 16
;session.entropy_file = /dev/urandom
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0


Reproduce code:
---------------
/* Page One (page1.php)*/
<?php

session_start();

echo session_id();

?>
<a href="page2.php">click here for page 2</a>

/* Page Two (page2.php)*/
<?php

session_start();

echo session_id();

?>
<a href="page2.php">click here for page one</a>

Expected result:
----------------
The echo'ed session_id()'s should be the same for both pages, and no new session file should exist in /tmp .

Actual result:
--------------
The session id's differ, and a new session file has been created in /tmp . Refreshing either page creates another session file in /tmp as well.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-11-15 07:45 UTC] tony2001@php.net

Try to set session.use_trans_sid to 1 and check if cookies are enabled in your browser.

[2004-11-15 07:56 UTC] spam at taylorw dot com

Changed, and checked using two different machines, and browsers... same problem. I did note something of interest. After changing that setting, I echo'ed phpinfo() and it does not show the updated setting in the php.ini... So then I noticed something else (compared to another system with exact same Apache and mod_php versions)...

For the box it wont work on:
--with-config-file-path=/etc/php/apache2-php4
Configuration File (php.ini) Path  /php.ini  

For the box it does work on:
--with-config-file-path=/etc/php/apache2-php4
Configuration File (php.ini) Path  /etc/php/apache2-php4/php.ini  

The second one has the correct path despite the fact that they both have the same --with-configure lines. I'm not sure if that has anything to do with the session issue?

[2004-11-15 08:05 UTC] tony2001@php.net

No, put your php.ini to the right place first.

[2004-11-15 08:13 UTC] spam at taylorw dot com

Not sure what you mean "put it to the right place" ? I understand that it's trying to read it from /php.ini but I havent been able to find where that is set?

I also used 'locate' to find all php.ini files and updated the two it found to turn on the trans_sid, but still having the same issue.

[2004-11-15 08:16 UTC] tony2001@php.net

I mean delete /php.ini and use /etc/php/apache2-php4/php.ini instead.
Does `ls -l /php.ini` report that there is no such file ?

[2004-11-15 08:19 UTC] spam at taylorw dot com

Yeah it did, removed that one (which I know remember I copied off the other box to compare with this boxes). The correct ini file is now reported... but nothing else new to report.

[2004-11-15 08:36 UTC] spam at taylorw dot com

Not sure why this got changed to bogus, when the session issue is still happening?

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sat Jul 12 13:01:33 2025 UTC