php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #10793 session variables are not passed correctly to the user defined write function
Submitted: 2001-05-10 12:05 UTC Modified: 2001-06-14 23:40 UTC
From: kronos at aixtema dot de Assigned:
Status: Not a bug Package: Session related
PHP Version: 4.0.4pl1 OS: Linux 2.2.16
Private report: No CVE-ID: None
 [2001-05-10 12:05 UTC] kronos at aixtema dot de
Hi !

I have the following problem:

I'm using php4 session management with user defined functions to read/write
session data from/to a mysql database. Sometimes session variables are not
written correctly to the database, although they are read correctly and not
changed on the page. I have logged the values the read function returns as
well as the values passed to the write function:

This is the correct output:

(w) 6ab3322c74ba731179b210dc4401a928:
(r) 6ab3322c74ba731179b210dc4401a928:
(w) 6ab3322c74ba731179b210dc4401a928: auth_name|s:4:"test";auth_flags|s:1:"1";
(r) 6ab3322c74ba731179b210dc4401a928: auth_name|s:4:"test";auth_flags|s:1:"1";
(w) 6ab3322c74ba731179b210dc4401a928: auth_name|s:4:"test";auth_flags|s:1:"1";
(r) 6ab3322c74ba731179b210dc4401a928: auth_name|s:4:"test";auth_flags|s:1:"1";
(w) 6ab3322c74ba731179b210dc4401a928: auth_name|s:4:"test";auth_flags|s:1:"1";
(r) 6ab3322c74ba731179b210dc4401a928: auth_name|s:4:"test";auth_flags|s:1:"1";
(w) 6ab3322c74ba731179b210dc4401a928: auth_name|s:4:"test";auth_flags|s:1:"1";

This is the wrong output:

(w) 3e8eab99d3e33bfe8393a0c4d0b8e987:
(r) 3e8eab99d3e33bfe8393a0c4d0b8e987:
(w) 3e8eab99d3e33bfe8393a0c4d0b8e987: auth_name|s:4:"test";auth_flags|s:1:"1";
(r) 3e8eab99d3e33bfe8393a0c4d0b8e987: auth_name|s:4:"test";auth_flags|s:1:"1";
(w) 3e8eab99d3e33bfe8393a0c4d0b8e987: auth_name|s:4:"test";auth_flags|s:1:"1";
(r) 3e8eab99d3e33bfe8393a0c4d0b8e987: auth_name|s:4:"test";auth_flags|s:1:"1";
(w) 3e8eab99d3e33bfe8393a0c4d0b8e987: auth_name|N;!:"test";auth_flags|
(r) 3e8eab99d3e33bfe8393a0c4d0b8e987: auth_name|N;!:"test";auth_flags|
(w) 3e8eab99d3e33bfe8393a0c4d0b8e987: auth_name|N;!:"test";auth_flags|

The above example is the output of a simple frameset with 3 frames.
Sometimes I get the correct output and sometimes I get the wrong one
on exactly the same set of pages. Both variables are never changed.

There should be no programming errors in my read/write functions...
In the read function I simply read from db, output the result into
a logfile and return the result. The example above shows reading works
perfectly. And the write function outputs the passed value into the
logfile before writing it to the database and as the above example
shows the passed value is not correct.

Configuration:

Linux: Linux 2.2.16 (Suse Distribution)
Apache: Apache/1.3.19 (Unix) PHP/4.0.4pl1 mod_ssl/2.8.1 OpenSSL/0.9.6
MYSQL: 3.22.32
PHP: PHP4.04pl1 with Zend Optimizer

Relevant settings from php.ini:

variables_order         =       "EGPCS"
register_globals        =       On
register_argc_argv      =       On
post_max_size           =       8M
gpc_order               =       "GPC"

; Magic quotes
magic_quotes_gpc        =   On
magic_quotes_runtime		=   Off
magic_quotes_sybase     =   Off

session.save_handler      = user
session.save_path         = /tmp
session.use_cookies       = 1
session.name              = PHPSESSID
session.auto_start        = 0
session.cookie_lifetime   = 0
session.cookie_path       = /
session.cookie_domain     =                                                        
session.serialize_handler = php
session.gc_probability    = 1
session.gc_maxlifetime    = 1440
session.referer_check     =
session.entropy_length    = 0
session.entropy_file      =
; session.entropy_length    = 16
; session.entropy_file      = /dev/urandom
session.cache_limiter     = nocache
session.cache_expire      = 180
session.use_trans_sid     = 1
url_rewriter.tags         = "a=href,area=href,frame=src,input=src,form=fakeentry"

any .htacces files I used only change include path or auto prepend file.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-05-17 13:29 UTC] kronos at aixtema dot de
The strange behavior is caused by a call to set_magic_quotes_runtime(1) in another script on another virtual server on the same machine. I was not aware of the fact that this function call globally sets magic_quotes_runtime to 1 as if it were set in php.ini.

But the problem still remains: The wrong values are passed to the session write function with magic_quotes_runtime enabled. And it does not happen every time I run the above script. So I guess it is a bug anyway.

 [2001-06-14 23:40 UTC] sniper@php.net
Try latest CVS snapshot from http://snaps.php.net/
and if it still doesn't work, open a new bug report
with example script.


 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Tue Mar 26 18:01:26 2019 UTC