PHP :: Bug #65795 :: session_start() returns TRUE if session fails to start

Bug #65795

session_start() returns TRUE if session fails to start

Submitted:

2013-10-01 07:32 UTC

Modified:

2021-06-09 11:53 UTC

Votes:	2
Avg. Score:	4.0 ± 1.0
Reproduced:	1 of 1 (100.0%)
Same Version:	0 (0.0%)
Same OS:	0 (0.0%)

From:

interrobang at noicq dot org

Assigned:

cmb (profile)

Status:

Closed

Package:

memcached (PECL)

PHP Version:

Irrelevant

OS:

Debian Squeeze

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	interrobang at noicq dot org
New email:
PHP Version:		OS:

New Comment:

[2013-10-01 07:32 UTC] interrobang at noicq dot org

Description:
------------
session_start(); returns TRUE if PHP configured to use mamcached instead of session files and memcached is down/not reachable.

Package php5-cgi:
PHP 5.3.3-7+squeeze17

Package memcached:
Version: 1.4.5-1

Package php5-memcached:
Version: 1.0.2-1+squeeze2

PHP config:
session.save_handler = memcached
session.save_path = "localhost:11211"

Test script:
---------------
$r = session_start();var_dump($r);die();

Expected result:
----------------
bool(false)
Warning: Unknown: Failed to write session data (memcached). Please verify that the current setting of session.save_path is correct (localhost:11211) in Unknown on line 0

Actual result:
--------------
bool(true)
Warning: Unknown: Failed to write session data (memcached). Please verify that the current setting of session.save_path is correct (localhost:11211) in Unknown on line 0

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2013-10-01 17:39 UTC] aharvey@php.net

-Package: *General Issues +Package: memcached

[2016-04-04 21:20 UTC] woolardfa at appstate dot edu

additionally, the when configured to used memcached for a session store, the session_start() method will return true when the attempt to add the "lock" value has timed out due to collision (retries are exhausted), and return an empty $_SESSION superglobal. When session_write_close() is called, the second page request then clobbers the session data that was present and being used by the first page request.

[2021-06-09 11:53 UTC] cmb@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: cmb

[2021-06-09 11:53 UTC] cmb@php.net

The memcached bug tracker is now on Github[1].  If this is still
an issue with the current memcached version, please report there.

[1] <https://github.com/php-memcached-dev/php-memcached/issues>

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Dec 26 23:01:28 2024 UTC