php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #65475 Session ID is not initialized when session.usr_strict_mode=1
Submitted: 2013-08-19 03:17 UTC Modified: 2013-08-20 23:04 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:0 of 1 (0.0%)
From: php at tokumaru dot org Assigned: yohgaki (profile)
Status: Closed Package: Session related
PHP Version: 5.5.2 OS: any
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: php at tokumaru dot org
New email:
PHP Version: OS:

 

 [2013-08-19 03:17 UTC] php at tokumaru dot org 
Description:
------------
In the case of session.use_strict_mode = On, a wrong session cookie is generated.

Test script:
---------------
<?php
  session_start();
  $_SESSION['msg'] = 'hello';
  echo 'session_id: ' . session_id();

Expected result:
----------------
A valid session cookie is generated.


Actual result:
--------------
A wrong session cookie is generated.

The HTTP Response (Summary):

HTTP/1.1 200 OK
Set-Cookie: PHPSESSID=de3vsil36bfs3829rhnspq0oo7; path=/
Content-Length: 38
Content-Type: text/html

session_id: ocjalnfd088dd90eppb1hr14h3


The Session File:

$ sudo cat /tmp/sess_ocjalnfd088dd90eppb1hr14h3
msg|s:5:"hello";

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-08-20 00:54 UTC] william dot a dot bartlett at gmail dot com 
Could not reproduce using Fedora 19 PHP 5.5.1 - possible regression.
 [2013-08-20 20:17 UTC] yohgaki@php.net
-Assigned To: +Assigned To: yohgaki
 [2013-08-20 20:53 UTC] yohgaki@php.net 
It is passing uninitialized PS(id). I'll look into what's wrong.
 [2013-08-20 21:49 UTC] yohgaki@php.net 
Fix for files save handler. I'll prepare fix for other save handlers if there is 
problem before 5.5.3 if it's possible.

diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c
index e5733b4..004d9d4 100644
--- a/ext/session/mod_files.c
+++ b/ext/session/mod_files.c
@@ -338,13 +338,13 @@ PS_READ_FUNC(files)
                if (!PS(id)) {
                        return FAILURE;
                }
-               php_session_reset_id(TSRMLS_C);
                if (PS(use_cookies)) {
                        PS(send_cookie) = 1;
                }
+               php_session_reset_id(TSRMLS_C);
        }
 
-       ps_files_open(data, key TSRMLS_CC);
+       ps_files_open(data, PS(id) TSRMLS_CC);
        if (data->fd < 0) {
                return FAILURE;
        }
 [2013-08-20 23:04 UTC] yohgaki@php.net
-Summary: wrong session cookie is generated on session.use_strict_mode +Summary: Session ID is not initialized when session.usr_strict_mode=1 -Operating System: Ubuntu +Operating System: any
 [2013-08-20 23:14 UTC] yohgaki@php.net 
Automatic comment on behalf of yohgaki
Revision: http://git.php.net/?p=php-src.git;a=commit;h=16411586449c7562b840d6226f6ef55f567c35f3
Log: Fixed Bug #65475
 [2013-08-20 23:14 UTC] yohgaki@php.net
-Status: Assigned +Status: Closed
 [2013-08-20 23:14 UTC] yohgaki@php.net 
Automatic comment on behalf of yohgaki
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d2a99a7c315beba3fcecd5c4a47d6ce1d1a78283
Log: Fixed Bug #65475
 [2013-08-21 02:07 UTC] yohgaki@php.net 
Automatic comment on behalf of yohgaki
Revision: http://git.php.net/?p=php-src.git;a=commit;h=16411586449c7562b840d6226f6ef55f567c35f3
Log: Fixed Bug #65475
 [2013-11-17 09:30 UTC] laruence@php.net 
Automatic comment on behalf of yohgaki
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d2a99a7c315beba3fcecd5c4a47d6ce1d1a78283
Log: Fixed Bug #65475
 [2013-11-17 09:30 UTC] laruence@php.net 
Automatic comment on behalf of yohgaki
Revision: http://git.php.net/?p=php-src.git;a=commit;h=16411586449c7562b840d6226f6ef55f567c35f3
Log: Fixed Bug #65475
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 12:01:29 2024 UTC