php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #15856 session_destroy() - hangs php4ts.dll - memory leak
Submitted: 2002-03-04 09:48 UTC Modified: 2002-05-08 00:00 UTC
Votes:6
Avg. Score:4.3 ± 1.5
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (50.0%)
From: sontor at todotobe dot de Assigned:
Status: No Feedback Package: Session related
PHP Version: 4.1.1 OS: Windows 98 Windows 2000
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: sontor at todotobe dot de
New email:
PHP Version: OS:

 

 [2002-03-04 09:48 UTC] sontor at todotobe dot de
I use output buffering at a page start,
if I start a session and do session_destory(),e.g.
authentication failure, the the dll hangs with an win32 page fault.
I use PHP as CGI on an apache on an wamp system.

The Session Destroy is capsuled in an loginclass,

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-03-04 09:49 UTC] sontor at todotobe dot de
The PHP4TS.DLL hangs.. sorry..
 [2002-03-04 10:23 UTC] sander@php.net
Can you provide a simple sample script?

P.S.: no I don't like caps :)
 [2002-03-04 10:44 UTC] sontor at todotobe dot de
Only the login function that is capsuled in the class. called on one page the session start is before the constructor of the class...
if the login failed it passes the session_destroy...
the do login function is called after a post form...
hope that helps..

what do you mean with caps....
---


function doLogin($pseudo,$pw){
    global $s_userAuthorisation;
    global $s_loginRetries;
    if ($this->DEBUG) { echo "<br> doLogin($pseudo,$pw)";}
    $loginOk=false;
    $s_userData=array();
    if (!isset($s_loginRetries)){
      session_register("s_loginRetries");
      $s_loginRetries=0;
     }
   // count the retris
   $s_loginRetries++;
   // check pseudo
   $userid=$this->getUserIdFromPseudo($pseudo);
   if ($userid==0) {
      if ($s_loginRetries<3) {
         // nothing to do as no timeout to set
         if ($this->DEBUG) {echo "<br>Loginretries ".$s_loginRetries;}
         $this->ErrorMsg="Login inkorrekt";
      }
      else
         {
        $this->ErrorMsg="10sec. Timeout<br> 3 fehlerhafte Loginversuche";
        if ($this->DEBUG) { echo "<br> 10sec. Timeout<br> 3 fehlerhafte Loginversuche";}
        flush();
        sleep(10);
        $s_loginRetries=0;
     }
   }
   // pseudo exist so check the login
   else{
    // perform the login check
    $qstring = "select * ";
    $qstring = $qstring." from ".$this->tablename;
    $qstring = $qstring." where vch_pseudo ='".$pseudo."' ";
    $qstring = $qstring." and vch_pw ='".$pw."' ";
    $qstring = $qstring." and ".$this->activeRecord;
    $queryst = sprintf($qstring);
    $this->query($queryst);
   // only one row allowed
   if ($this->num_Rows()!=0) {
       while($this->next_record()) {
         $loginOk=true;
         if ($this->DEBUG) {
           echo "DOLOGINQUERYRESULT<br>";
           echo "sUserId:".$this->f("i_id")." <br>";
           echo "sSalutationId" .$this->f("i_salutation_id")." <br>";
           echo "sUserName" . $this->f("vch_pseudo")." <br>";
           echo "sUniqueId". $this->f("vch_unique")." <br>";
           echo "sEmail". $this->f("vch_email")." <br>";
           echo "sFirstName". $this->f("vch_first_name")." <br>";
           echo "sLastName". $this->f("vch_last_name")." <br>";
           echo "sLastLogin". $this->f("dt_last_login")." <br>";
           echo "sLoginSince". date("H:i:s")." <br>";


         }
         $s_userAuthorisation=array("sUserId" =>$this->f("i_id"),
                           "sSalutationId" =>$this->f("i_salutation_id"),
                           "sUserName" => $this->f("vch_pseudo"),
                           "sUniqueId" => $this->f("vch_unique"),
                           "sEmail" => $this->f("vch_email"),
                           "sFirstName" => $this->f("vch_first_name"),
                           "sLastName" => $this->f("vch_last_name"),
                           "sLastLogin" => $this->f("dt_last_login"),
                           "sLoginSince" => date("H:i:s"));
         session_register("s_userAuthorisation");
         if ($this->DEBUG) {
          echo "<br>Login ok ".$s_loginRetries;}
         $this->lastLoginDateTime=$this->f("dt_last_login");
         $this->loggedInPseudo=$pseudo;
         $this->updateLastLoginDate($pseudo);
         $this->ErrorMsg="";
         $s_loginRetries=0;
         // put to member online
         $k=new Keepalive();
         $k->updateUserLoggedIn(session_id(),$s_userAuthorisation["sUserName"],$s_userAuthorisation["sUserId"]);
         if ($this->DEBUG) { $this->displaySessionVars(); }


      }
   }
   else
      {
      // login failed
      // delete Session
      // here is the bug: HANGSPHP
session_destroy();

      // some security
      if ($this->DEBUG) { $this->displaySessionVars(); }

      if ($s_loginRetries<3) {
         // nothing to do as no timeout to set
         if ($this->DEBUG) {echo "<br>Loginretries ".$s_loginRetries;}
         $this->ErrorMsg="Login inkorrekt";

      }
      else
         {
        $this->ErrorMsg="10sec. Timeout<br> 3 fehlerhafte Loginversuche";
        if ($this->DEBUG) { echo "<br> 10sec. Timeout<br> 3 fehlerhafte Loginversuche in Folge<br>";}
        flush();
        sleep(10);
        $s_loginRetries=0;
        }
     // secutity end
      $this->lastLoginDateTime="";
      $this->loggedInPseudo="";
      }
  }
  return $loginOk;
 }
 [2002-03-06 05:06 UTC] sontor at todotobe dot de
Hope last feedback help.
 [2002-03-09 07:30 UTC] sontor at todotobe dot de
This Bug is even tested and reproduceable in Windows 2000 environment
 [2002-04-03 09:56 UTC] yohgaki@php.net
What is session save handler? files?
 [2002-04-07 16:02 UTC] sontor at todotobe dot de
I use Files as session save handler...
 [2002-04-07 18:35 UTC] sniper@php.net
Please try the PHP 4.2.0RC2 from http://www.php.net/~derick/
and remember to replace php4ts.dll also!

--Jani

 [2002-05-08 00:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Mar 29 05:01:28 2024 UTC