PHP :: Bug #10793 :: session variables are not passed correctly to the user defined write function

Bug #10793	session variables are not passed correctly to the user defined write function
Submitted:	2001-05-10 12:05 UTC	Modified:	2001-06-14 23:40 UTC
From:	kronos at aixtema dot de	Assigned:
Status:	Not a bug	Package:	Session related
PHP Version:	4.0.4pl1	OS:	Linux 2.2.16
Private report:	No	CVE-ID:	None

View Developer Edit

[2001-05-10 12:05 UTC] kronos at aixtema dot de

Hi !

I have the following problem:

I'm using php4 session management with user defined functions to read/write
session data from/to a mysql database. Sometimes session variables are not
written correctly to the database, although they are read correctly and not
changed on the page. I have logged the values the read function returns as
well as the values passed to the write function:

This is the correct output:

(w) 6ab3322c74ba731179b210dc4401a928:
(r) 6ab3322c74ba731179b210dc4401a928:
(w) 6ab3322c74ba731179b210dc4401a928: auth_name|s:4:"test";auth_flags|s:1:"1";
(r) 6ab3322c74ba731179b210dc4401a928: auth_name|s:4:"test";auth_flags|s:1:"1";
(w) 6ab3322c74ba731179b210dc4401a928: auth_name|s:4:"test";auth_flags|s:1:"1";
(r) 6ab3322c74ba731179b210dc4401a928: auth_name|s:4:"test";auth_flags|s:1:"1";
(w) 6ab3322c74ba731179b210dc4401a928: auth_name|s:4:"test";auth_flags|s:1:"1";
(r) 6ab3322c74ba731179b210dc4401a928: auth_name|s:4:"test";auth_flags|s:1:"1";
(w) 6ab3322c74ba731179b210dc4401a928: auth_name|s:4:"test";auth_flags|s:1:"1";

This is the wrong output:

(w) 3e8eab99d3e33bfe8393a0c4d0b8e987:
(r) 3e8eab99d3e33bfe8393a0c4d0b8e987:
(w) 3e8eab99d3e33bfe8393a0c4d0b8e987: auth_name|s:4:"test";auth_flags|s:1:"1";
(r) 3e8eab99d3e33bfe8393a0c4d0b8e987: auth_name|s:4:"test";auth_flags|s:1:"1";
(w) 3e8eab99d3e33bfe8393a0c4d0b8e987: auth_name|s:4:"test";auth_flags|s:1:"1";
(r) 3e8eab99d3e33bfe8393a0c4d0b8e987: auth_name|s:4:"test";auth_flags|s:1:"1";
(w) 3e8eab99d3e33bfe8393a0c4d0b8e987: auth_name|N;!:"test";auth_flags|
(r) 3e8eab99d3e33bfe8393a0c4d0b8e987: auth_name|N;!:"test";auth_flags|
(w) 3e8eab99d3e33bfe8393a0c4d0b8e987: auth_name|N;!:"test";auth_flags|

The above example is the output of a simple frameset with 3 frames.
Sometimes I get the correct output and sometimes I get the wrong one
on exactly the same set of pages. Both variables are never changed.

There should be no programming errors in my read/write functions...
In the read function I simply read from db, output the result into
a logfile and return the result. The example above shows reading works
perfectly. And the write function outputs the passed value into the
logfile before writing it to the database and as the above example
shows the passed value is not correct.

Configuration:

Linux: Linux 2.2.16 (Suse Distribution)
Apache: Apache/1.3.19 (Unix) PHP/4.0.4pl1 mod_ssl/2.8.1 OpenSSL/0.9.6
MYSQL: 3.22.32
PHP: PHP4.04pl1 with Zend Optimizer

Relevant settings from php.ini:

variables_order         =       "EGPCS"
register_globals        =       On
register_argc_argv      =       On
post_max_size           =       8M
gpc_order               =       "GPC"

; Magic quotes
magic_quotes_gpc        =   On
magic_quotes_runtime		=   Off
magic_quotes_sybase     =   Off

session.save_handler      = user
session.save_path         = /tmp
session.use_cookies       = 1
session.name              = PHPSESSID
session.auto_start        = 0
session.cookie_lifetime   = 0
session.cookie_path       = /
session.cookie_domain     =                                                        
session.serialize_handler = php
session.gc_probability    = 1
session.gc_maxlifetime    = 1440
session.referer_check     =
session.entropy_length    = 0
session.entropy_file      =
; session.entropy_length    = 16
; session.entropy_file      = /dev/urandom
session.cache_limiter     = nocache
session.cache_expire      = 180
session.use_trans_sid     = 1
url_rewriter.tags         = "a=href,area=href,frame=src,input=src,form=fakeentry"

any .htacces files I used only change include path or auto prepend file.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2001-05-17 13:29 UTC] kronos at aixtema dot de

The strange behavior is caused by a call to set_magic_quotes_runtime(1) in another script on another virtual server on the same machine. I was not aware of the fact that this function call globally sets magic_quotes_runtime to 1 as if it were set in php.ini.

But the problem still remains: The wrong values are passed to the session write function with magic_quotes_runtime enabled. And it does not happen every time I run the above script. So I guess it is a bug anyway.

[2001-06-14 23:40 UTC] sniper@php.net

Try latest CVS snapshot from http://snaps.php.net/
and if it still doesn't work, open a new bug report
with example script.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Tue Nov 04 11:00:01 2025 UTC