Bug #70871 session_regenerate_id(): Failed to create session ID: user (path: )
Submitted: 2015-11-06 11:36 UTC Modified: 2015-11-13 21:51 UTC
Votes:5
Avg. Score:4.0 ± 0.9
Reproduced:3 of 3 (100.0%)
Same Version:2 (66.7%)
Same OS:1 (33.3%)
From: jacky at xsteach dot com Assigned: yohgaki (profile)
Status: Closed Package: Session related
PHP Version: 7.0.0RC6 OS: mac os x
Private report: No CVE-ID: None
 [2015-11-06 11:36 UTC] jacky at xsteach dot com
Description:
------------
Before php7RC3, the test script is working well, but a warning is thrown after php7RC2.

Test script:
---------------
session_start();
session_destroy();
session_regenerate_id(true);

Expected result:
----------------
output nothing

Actual result:
--------------
Warning: session_regenerate_id(): Cannot regenerate session id

 [2015-11-06 14:42 UTC] laruence@php.net
-Assigned To: +Assigned To: yohgaki
 [2015-11-06 14:42 UTC] laruence@php.net
This should be an intentional change, https://github.com/php/php-src/commit/e93042998af1fea9204e17bc5cdd13c702156d5b

@yohgaki ?
 [2015-11-08 07:24 UTC] bellosthomas at gmail dot com
Similar problem here
I have a custom session handler storing session in memcache
However, when I invoke session_regenerate_id(true), I get a fatal error
Catchable fatal error: session_regenerate_id(): Failed to create session ID: user
 [2015-11-10 01:55 UTC] yohgaki@php.net
@laruence

Yes. Session becomes inactive by calling session_destroy(). Therefore, session_regenerate_id() complains about a bogus call as it requires an active session to be useful.
 [2015-11-10 18:10 UTC] narf at devilix dot net
With a custom session handler, it also spits out the same error message *immediately after* a session_start() call - at that point, the session is not inactive.

Also, this is a breaking change and should not happen at the RC stage.
 [2015-11-12 02:19 UTC] yohgaki@php.net
@narf

session_start() should never raise an error like

Warning: session_regenerate_id(): Cannot regenerate session id - session is not active in - on line 4

If you think it's not your save handler's problem, please file a new bug report with your save handler code. 

Recent versions (5.6 and up, IIRC) have a stricter specification for save handlers. Refer to
https://bugs.php.net/bug.php?id=70520
Even the example save handler in the manual was wrong.
 [2015-11-12 18:00 UTC] narf at devilix dot net
@yasuo

I didn't say that session_start() issues that message.

What I'm saying is that calling session_regenerate_id() *immediately after* session_start(), would issue this:

session_regenerate_id(): Failed to create session ID: user (path: <value of session.save_path>)

And I'm kind of proxy-ing a bug report that was submitted to me here: https://github.com/bcit-ci/CodeIgniter/issues/4230
 [2015-11-13 00:39 UTC] yohgaki@php.net
@narf

OK. Could you tell me where I can look at the save handler code?
 [2015-11-13 00:44 UTC] yohgaki@php.net
@narf

Is this the save handler?

https://github.com/bcit-ci/CodeIgniter/blob/develop/system/libraries/Session/drivers/Session_redis_driver.php#L162

I haven't looked into it in detail and don't understand the handler fully, but this function may be the cause of the bug.

Returning FALSE on read will raise the error.
 [2015-11-13 01:20 UTC] yohgaki@php.net
Oops, you are getting another kind of error.

session_regenerate_id(): Failed to create session ID: user (path: <value of session.save_path>)

This error is raised for multiple reasons. The error messages would be better modified so that users can distinguish the cause. Anyway, it may be raised if

 - new session ID creation failed. (Very unlikely)
 - opening the save handler failed.
 - a session ID collision was detected and it failed. (Very unlikely)
 - the session read with the new session ID failed.

I'll modify error messages to distinguish the cause of your problem.
 [2015-11-13 05:23 UTC] bellosthomas at gmail dot com
I was also getting a fatal error (check comment above), with a custom session handler. After yohgaki's comment about the return value of the read() method, which needs to return a string, I checked my session handler and I saw I was returning boolean false in some cases. Casting the return value to string solved it.
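An added example (not part of the thread, and not CodeIgniter's or PHP's own code) of the read() contract discussed above: a save handler whose read() turns a backend miss into an empty string, so session_regenerate_id(true) can read the freshly created ID. The class name ArraySessionHandler and its in-memory store are assumptions made for illustration.

```php
<?php
// Added example: ArraySessionHandler is a hypothetical handler with a
// constructed in-memory store standing in for memcache/Redis.
final class ArraySessionHandler implements SessionHandlerInterface
{
    /** @var array<string,string> session ID => serialized session data */
    private $store = [];

    public function open($path, $name): bool { return true; }
    public function close(): bool { return true; }

    public function read($id): string
    {
        // Simulate a backend that reports "no such key" as false.
        $data = $this->store[$id] ?? false;
        // A brand-new session ID never has data yet. Returning false here is
        // treated as a read failure by session_start() and
        // session_regenerate_id(); an empty string means "empty session".
        return $data === false ? '' : (string) $data;
    }

    public function write($id, $data): bool
    {
        $this->store[$id] = $data;
        return true;
    }

    public function destroy($id): bool
    {
        unset($this->store[$id]);
        return true; // destroying an absent session is not an error
    }

    public function gc($max_lifetime): int { return 0; } // nothing expires here
}

session_set_save_handler(new ArraySessionHandler(), true);
session_start();                      // must succeed, or the session is inactive
$old = session_id();
$ok  = session_regenerate_id(true);   // destroys old data, then reads the new ID
printf("regenerated: %s, id changed: %s\n",
    var_export($ok, true), var_export($old !== session_id(), true));
```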
 [2015-11-13 10:18 UTC] narf at devilix dot net
@yasuo

Yep, that's the session handler in question.
I guess I'll have to wait for your error messages patch ...
 [2015-11-13 11:42 UTC] ab@php.net
Please check this error log records:

[Fri Nov 13 01:59:48.334695 2015] [:error] [pid 22639] [client x.x.x.x:10706] PHP Warning:  session_start(): open(/var/lib/php/sessions/sess_ngds5c5qpok0jm3lcjvmtslqh7, O_RDWR) failed: Permission denied (13) in /some/path/to/file.php on line 16
[Fri Nov 13 01:59:48.334860 2015] [:error] [pid 22639] [client x.x.x.x:10706] PHP Warning:  session_regenerate_id(): open(/var/lib/php/sessions/sess_mfmb9rq8qoofsbcigs8ckdhsa4, O_RDWR) failed: Permission denied (13) in /some/path/to/file.php on line 23
[Fri Nov 13 01:59:48.334883 2015] [:error] [pid 22639] [client x.x.x.x:10706] PHP Catchable fatal error:  session_regenerate_id(): Failed to create session ID: files (path: /var/lib/php/sessions) in /some/path/to/file.php on line 23
[Fri Nov 13 01:59:49.738997 2015] [:error] [pid 22638] [client x.x.x.x:10707] PHP Warning:  session_start(): open(/var/lib/php/sessions/sess_ngds5c5qpok0jm3lcjvmtslqh7, O_RDWR) failed: Permission denied (13) in /some/path/to/file.php on line 16
[Fri Nov 13 01:59:49.739178 2015] [:error] [pid 22638] [client x.x.x.x:10707] PHP Warning:  session_regenerate_id(): open(/var/lib/php/sessions/sess_u9aqmuc73nub1g09vkisojjk11, O_RDWR) failed: Permission denied (13) in /some/path/to/file.php on line 23
[Fri Nov 13 01:59:49.739198 2015] [:error] [pid 22638] [client x.x.x.x:10707] PHP Catchable fatal error:  session_regenerate_id(): Failed to create session ID: files (path: /var/lib/php/sessions) in /some/path/to/file.php on line 23
[Fri Nov 13 01:59:50.534468 2015] [:error] [pid 22637] [client x.x.x.x:10710] PHP Warning:  session_start(): open(/var/lib/php/sessions/sess_ngds5c5qpok0jm3lcjvmtslqh7, O_RDWR) failed: Permission denied (13) in /some/path/to/file.php on line 16
[Fri Nov 13 01:59:50.534644 2015] [:error] [pid 22637] [client x.x.x.x:10710] PHP Warning:  session_regenerate_id(): open(/var/lib/php/sessions/sess_aparjtipjng2nnn8sdm8q9drn4, O_RDWR) failed: Permission denied (13) in /some/path/to/file.php on line 23
[Fri Nov 13 01:59:50.534663 2015] [:error] [pid 22637] [client x.x.x.x:10710] PHP Catchable fatal error:  session_regenerate_id(): Failed to create session ID: files (path: /var/lib/php/sessions) in /some/path/to/file.php on line 23

So in my case, I can reproduce it by making /var/lib/php/sessions/ not writable to the PHP process. This can explain the warning in session_regenerate_id() immediately after session_start() - namely session_start() has failed.

Now, the original case of session_destroy()+session_regenerate_id() looks logical. Same as before - no session, no regenerate id. But with a custom session handler, it can be much trickier to figure out, depending on its error reporting. All in all, it still doesn't look. Could we please take a look at the error logs for such cases (possibly with max enabled error reporting)?

In general yes, some finer grained error messages can help on the user side.

Thanks.
 [2015-11-13 21:50 UTC] yohgaki@php.net
I've committed the error message patch. The latest code will produce distinguishable error messages. Anyway, the original bug report is not a bug. I close this one. If you find any new issue, please open a new one or use the appropriate bug report.
 [2015-11-13 21:51 UTC] yohgaki@php.net
-Status: Assigned +Status: Closed