Bug #41853 Session shared between users
Submitted: 2007-06-29 15:22 UTC Modified: 2007-07-02 21:40 UTC
From: gundja at hotmail dot com Assigned:
Status: Not a bug Package: Session related
PHP Version: 5.2.3 OS: Redhat Enterprise
Private report: No CVE-ID: None

 [2007-06-29 15:22 UTC] gundja at hotmail dot com
Description:
------------
Users share the same session when there is a peak of charge.
Actually, the process is:
User 1 starts a session with a specific session_id() (S1)
User 2 starts a session with a specific session_id() (S2)

User 1 clicks on links
User 2 clicks on links

When there are a lot of sessions, User 1 session = S2...

Thank you very much for your help.

Reproduce code:
---------------
<?php
// version 0.2
session_start();
echo("Server name:".$_SERVER["SERVER_ADDR"]);
echo("<br/>SESSION ID : ".session_id()."<br/>");
// Fingerprint of the current request: client IP, User-Agent, Accept-Language and session id
$customControl = $_SERVER['REMOTE_ADDR']."|".$_SERVER['HTTP_USER_AGENT']."|".$_SERVER['HTTP_ACCEPT_LANGUAGE']."|".session_id();
echo("Associated informations : <br/>".$customControl."<br/>");
if(isset($_SESSION["CUSTOM_CONTROL"]))
{
	// Fingerprint stored in the session by an earlier request
	$controlFromSession = $_SESSION["CUSTOM_CONTROL"];
	echo("Informations from session : <br/>".$controlFromSession."<br/>");
	if($customControl!=$controlFromSession)
	{
		// The stored fingerprint belongs to another client: drop the session and start again
		echo("Informations from session and information provided by client are differents<br/>");
		echo("We will destroy the session<br/>");
		session_destroy();
		echo("Session is destroyed<br/>");
		echo("Session will be started<br/>");
		session_start();
		echo("Session is started<br/>");
		$customControl = $_SERVER['REMOTE_ADDR']."|".$_SERVER['HTTP_USER_AGENT']."|".$_SERVER['HTTP_ACCEPT_LANGUAGE']."|".session_id();
		echo("Value of custom control :<br/>".$customControl);
	}
}

// Store the current fingerprint for comparison on the next request
$_SESSION["CUSTOM_CONTROL"] = $customControl;
echo("Value of Session :<br/>".$_SESSION["CUSTOM_CONTROL"]);
?>

Expected result:
----------------
SESSION ID : e1dd4e5ce39242a52c7db9d7f23fec8c
Associated informations :
195.68.126.90|Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4|en-us,en;q=0.5|e1dd4e5ce39242a52c7db9d7f23fec8c
Informations from session :
195.68.126.90|Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4|en-us,en;q=0.5|e1dd4e5ce39242a52c7db9d7f23fec8c
Value of Session :
195.68.126.90|Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4|en-us,en;q=0.5|e1dd4e5ce39242a52c7db9d7f23fec8c

Actual result:
--------------
SESSION ID : 979747d25bc9e21291aad70a1f886491
Associated informations :
195.68.126.90|Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4|en-us,en;q=0.5|979747d25bc9e21291aad70a1f886491
Informations from session :
82.228.147.184;Mozilla/5.0 (Windows: U: Windows NT 5.1: fr: rv:1.8.0.12) Gecko/20070508 Firefox/1.5.0.12;fr,fr-fr:q=0.8,en-us:q=0.5,en:q=0.3;979747d25bc9e21291aad70a1f886491;9508e4f5a18916a88ac39f0c64aecd0a
Informations from session and information provided by client are differents
We will destroy the session
Session is destroyed
Session will be started

 [2007-06-29 16:49 UTC] gundja at hotmail dot com
Important note:
PHP is a compiled version.
The application is on a 64B environment.
 [2007-07-02 21:40 UTC] gundja at hotmail dot com
It was a problem of caching in a web farm, sorry.