php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Doc Bug #74231 Example #2 for session_regenerate_id is broken in several ways
Submitted: 2017-03-10 00:41 UTC Modified: 2019-01-02 02:15 UTC
Votes:7
Avg. Score:2.4 ± 1.4
Reproduced:3 of 5 (60.0%)
Same Version:3 (100.0%)
Same OS:3 (100.0%)
From: signe at cothlamadh dot net Assigned:
Status: Open Package: Session related
PHP Version: Irrelevant OS: n/a
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: signe at cothlamadh dot net
New email:
PHP Version: OS:

 

 [2017-03-10 00:41 UTC] signe at cothlamadh dot net 
Description:
------------
Example #2 does carry the caveat that it's "not fully working code," however it's not just "not fully working" - it's badly broken, uses php.ini options incorrectly, and non-functional.

1. The modification of use_strict_mode is wrapping the wrong function.

use_strict_mode restricts calling session_id() with a new value.  Calling session_id() before unlocking use_strict_mode will result in a logged warning.

2. The example function does _not_ preserve any existing session data, which session_regenerate_id does.  Anyone using the example would lose all session data for the user.

Before calling session_start(), you need to store the current session data temporarily in memory, and then restore it afterward.

Documentation patch attached

Patches

session-regenerate-id.xml.diff (last revision 2017-03-10 00:42 UTC by signe at cothlamadh dot net)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-03-13 10:51 UTC] peehaa@php.net
-Assigned To: +Assigned To: peehaa
 [2017-03-13 10:51 UTC] peehaa@php.net 
I agree that the examples on this page are badly broken.

Will try to decipher the page later somewhere during this week and try to fix it.
 [2017-10-24 06:27 UTC] kalle@php.net
-Status: Assigned +Status: Open -Assigned To: peehaa +Assigned To:
 [2019-01-02 02:15 UTC] girgias@php.net
-Package: Documentation problem +Package: Session related
 [2022-11-28 09:59 UTC] kinersu32 at gmail dot com 
Thanks for that.

https://www.dinarguru.biz/github.com
 [2022-11-29 05:36 UTC] xyz at gmail dot com 
Thnaks (https://www.dinarguru.biz/)github.com
 [2023-06-16 09:47 UTC] dodans at aol dot com 
(https://variety.com/wp-content/uploads/2018/09/rexfeatures_9064813mz.jpg?w=1000&h=563&crop=1&resize=1000%2C563)github.com

(https://static01.nyt.com/images/2013/03/31/arts/31PIVEN1_SPAN/31PIVEN1-superJumbo.jpg?quality=75&auto=webp)github.com

(https://www.telegraph.co.uk/content/dam/comedy/2021/10/16/TELEMMGLPICT000145291306_trans_NvBQzQNjv4BqqVzuuqpFlyLIwiB6NTmJwSX5rhseiWKOo9p9OQ-ymek.jpeg?imwidth=960)github.com

(https://images.squarespace-cdn.com/content/v1/5b61f75d506fbecf8655789d/c14cde80-aa2d-453a-bc3e-4964c9149e0d/jeremy-piven.jpg?format=1000w)github.com

(https://static.wikia.nocookie.net/disney/images/d/d7/Jeremy_Piven.jpg/revision/latest?cb=20180726001612)github.com

(https://www.amazon.com/prime-video/actor/Jeremy-Piven/amzn1.dv.gti.785e61d6-1dd8-4777-88c4-b33c24097594/)github.com
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 16:01:29 2024 UTC