|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #15484 custom handler of session is not strong enough
Submitted: 2002-02-10 06:04 UTC Modified: 2002-03-11 00:00 UTC
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: Xuefer at 21cn dot com Assigned:
Status: No Feedback Package: Session related
PHP Version: 4.1.1 OS: win2k
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please — but make sure to vote on the bug!
Your email address:
Solve the problem:
19 + 12 = ?
Subscribe to this entry?

 [2002-02-10 06:04 UTC] Xuefer at 21cn dot com
used session_set_save_handler(...."sess_read"....);
and when session_start();
and also sess_read() returns _NONE_ string
e.g. function sess_read() { }
or function sess_read() { return false; }

browser get no response from apache (should be crash)

it should be strong enough :-)


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2002-02-10 06:18 UTC]
Not enough information was provided for us to be able
to handle this bug. Please re-read the instructions at

If you can provide more information, feel free to add it
to this bug and change the status back to "Open".

 [2002-02-10 07:00 UTC] Xuefer at 21cn dot com
"what i did":
code's here:

session_set_save_handler ('sess_open', 'sess_close', 'sess_read', 'sess_write', 'sess_destroy', 'sess_gc');
function sess_open() { return true;}
function sess_close() { return true;}
function sess_read() { return ""; }
function sess_write() {}
function ses_destroy() {}
function sess_gc() {}

echo "program got here";
ok, the above program won't crash the apache

but if i change:
--> function sess_read() { return ""; }
--> function sess_read() { return null; }

"what i expected to happen" is: php `should` warnning me my returning isnot STRING, or keep running quietly

"what happened" is: no response from apache

and here why i report this bug:
a server running 100 website, one of the custom(the one can upload/update php file for his site) is able to attact the server by using the above script, making `fool` of the server

is the above info enough? :)
 [2002-02-10 07:02 UTC]
To properly diagnose this bug, we need a backtrace to see what is
happening behind the scenes. To find out how to generate a backtrace,
please read

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open".
 [2002-02-10 08:21 UTC] Xuefer at 21cn dot com
i'm using win2k to run apache+php
how can i get backtrace?

btw, i'm not sure that apache is fully 'down'
just browser get no response from apache
and can browse other php pages without restarting apache

i've tested it on my linux server, script finished quite fine
 [2002-03-11 00:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Wed Jul 24 15:01:29 2024 UTC