php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #78155 session_start doesn't create session
Submitted: 2019-06-13 08:09 UTC Modified: 2021-09-28 14:25 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: liangjian at oliveche dot com Assigned:
Status: Open Package: Session related
PHP Version: 7.2.19 OS: CentOS 7
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: liangjian at oliveche dot com
New email:
PHP Version: OS:

 

 [2019-06-13 08:09 UTC] liangjian at oliveche dot com 
Description:
------------
---
From manual page: https://php.net/function.session-start
---
Request A and B are sent from the same browser at the same time (A prior to B) and use the same cookie.
A destroys session and B writes session in sequence.
B is blocked on 'session_start' and resumes after A destroys the session, but it does not create session or save the session variables.



Test script:
---------------
request A:
        session_start();
        sleep(5);
        session_destroy();

request B:
        // B will be blocked by A on the session file
        session_start(); // !!!return ok but not session file!!!
        // resume until A destroys(releases) it. but no session file and the 'uid' cannot save.
        $_SESSION["uid"] = 1;
        


Expected result:
----------------
The session file exists and session variable 'uid' is saved.

Actual result:
--------------
No session file.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-09-28 14:25 UTC] cmb@php.net 
What happens: request A creates the session file, and locks it,
and then sleeps.  Now request B opens the file, but waits for it
to be unlocked.  When request A ends sleeping, it destroys the
file, so request B gets access, but the file is already unlinked,
so whatever is written to the file is effectively lost.

It seems to me that cannot be cleanly solved without having a
separate lock file.  Maybe document this issue instead?
 [2021-09-28 14:29 UTC] cmb@php.net 
Related To: Bug #69127
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 17:01:32 2024 UTC