Bug #15884 session_unregister does not work when followed by header("Location: ...")
Submitted: 2002-03-05 12:32 UTC Modified: 2002-06-01 00:00 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: jt at domainfactory dot de Assigned:
Status: No Feedback Package: Session related
PHP Version: 4.1.2 OS: Linux
Private report: No CVE-ID: None

 [2002-03-05 12:32 UTC] jt at domainfactory dot de
When followed by a 

header("Location: ...");

statement session_unregister does not get properly executed.

Reproduce: Take any script that has a session_unregister in it, put a header("Location: ...") under this statement, and see if unregistered var gets deleted from session-storage (it does not)
Now put a session_write_close() in front of the header-statement and watch it work properly.

If you have trouble reproducing this please don't hesitate to contact me.

My setup:

User-Defined Session-Handler: pgsql_session_handler latest version

PHP compiled with:
'./configure' '--with-mysql=/usr/local/mysql' '--with-pgsql' '--with-ldap' '--enable-trans-sid' '--with-gd'

Exact same setup worked with php4.0.6, did not work after upgrade to 4.1.2




 [2002-03-06 03:04 UTC] yohgaki@php.net
Not enough information was provided for us to be able
to handle this bug. Please re-read the instructions at
http://bugs.php.net/how-to-report.php

If you can provide more information, feel free to add it
to this bug and change the status back to "Open".


You must provide short & complete script.
It sounds like your bug to me.
 [2002-03-06 12:25 UTC] jt at domainfactory dot de
> You must provide short & complete script.
> It sounds like your bug to me.

Well, this issue is very easy to reproduce, so I thought providing a script won't be necessary. Anyway, the following set of scripts will expose the bug.

Please note that including the session handler will not be necessary if you are not running user-defined session handlers (php.ini setting)

An explanation on how to use the scripts is below

-----------------
file: include.php

<?
if (!$pgsql_session_table) include("/path/to/pgsql_session_handler.php");

session_start();
?>
-----------------
file: t1.php

<?
include("include.php");
$myvar = "hello";
session_register("myvar");
?>
<A HREF="t2.php">t2</A>
-----------------
file: t2.php

<?
include("include.php");
echo "myvar: $myvar<BR>";
?>
<A HREF="t3.php">t3</A>
-----------------
file: t3.php

<?

include("include.php");
session_unregister("myvar");
header("Location: t2.php");
?>
<A HREF="t2.php">t2</A>
-----------------


Observed behaviour:

t1 registers $myvar and displays link to t2. Follow this link
t2 shows value of $myvar and displays link to t3. Follow this link
t3 unregisters $myvar and uses header("Location: ") to redirect you to t2
t2 shows value of $myvar - it is still "hello"

The behaviour in the last step is incorrect - since $myvar was unregistered, its value should have been deleted from the session but obviously is not


When you comment out the line starting with "header" in t3.php and do the first two steps above and then click the link t3 shows, $myvar will get unregistered properly. This is why the bug has the title "session_unregister does not work when followed by header("Location: ...")"


btw: The reason for this is not the session-handler I use, php simply does not call the "pgsql_session_write" function if session_unregister is followed by a header("Location: ...") statement.


best regards,

Jochen
 [2002-03-08 15:08 UTC] baatsaam at hotmail dot com
I believe this bug is related to bug #15909 (http://bugs.php.net/bug.php?id=15909)
 [2002-03-11 10:15 UTC] jt at domainfactory dot de
Yup, looks like the two are related. The other bug was submitted on Mar 6th, I submitted mine on Mar 5th so at least the dupe is not my fault ;)

Jochen
 [2002-03-26 21:48 UTC] yohgaki@php.net
To properly diagnose this bug, we need a backtrace to see what is
happening behind the scenes. To find out how to generate a backtrace,
please read http://bugs.php.net/bugs-generating-backtrace.php

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open".

Could you try to get backtrace?
I guess PHP is segfaulting.
 [2002-03-28 04:22 UTC] jt at domainfactory dot de
Sorry but currently I am unable to provide a backtrace. Maybe anyone who stumbled over this bug and has a bit of time can provide one ?

(Also I forgot my bug-password, beat me)

Jochen
 [2002-06-01 00:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2007-03-15 18:19 UTC] software_freedom at member dot fsf dot org
Yup! Same here!
But, my code is something like the following:

index.php:
session_start ();
if (isset($_SESSION ['wow']))
    echo 'Yes! ';
else
    echo 'No! ';
echo '<a href="http://localhost/bug.php">Go!</a>';

bug.php:
session_start ();
$_SESSION ['wow'] = 'Alright!';
session_commit ();
header ('Location: http://localhost/index.php');

The answer is always 'No! '.

So, sad!

I will try to submit the backtrace if I have time ;-)

My PHP version is 4.1.14
 [2007-04-23 07:25 UTC] software_freedom at member dot fsf dot org
Hi Ho!

Regarding my last post, I am sorry that it is completely a false report.
The truth is that there is no such bug found in PHP version 4.4.0 (I am sorry that I also typed the wrong version before) that I use.

The problem happened because in the first file (file A) I started a session under localhost, submitted form data to the second file (file B) which started a session under localhost also and set variable $_SESSION['error'] under it, but redirected to file A which started a session under experimental.ecc.org and checked whether variable $_SESSION['error'] was present under it. Because the session under experimental.ecc.org had not had $_SESSION['error'], file A reported that $_SESSION['error'] was not present.

When I tried again by submitting the form to file B, my browser which read an HTML tag <BASE href="http://localhost/CDs/index.php"> sent the form data to file B under localhost and started a session under it along with setting $_SESSION['error'] variable in the session. Next, file B redirected the browser to file A which started a session under experimental.ecc.org and checked for the presence of non-existent variable $_SESSION['error'] under it. This loop happened over and over again when I submitted the form data again and again because of my curiosity.

I discovered all of these just before I started to recompile my PHP with --enable-debug flag when I tried once again using simpler version of file A and file B in which I hardcoded the url.

For interested readers, I include the source code of file A (/CDs/index.php) and file B (/CDs/logic/login.php) below.

Regards,
Eus

/CDs/index.php:
<?php
	session_start ();
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
  "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US" dir="ltr">
	<head>
		<meta http-equiv="Content-Type"
		      content="text/html; charset=ISO-8859-1" />
		<meta name="author" content="Eus" />
		<meta name="copyright"
		      content="&copy; 2007 Eus" />
		<meta name="date" content="2007 March 10" />
		<meta name="archive"
		      content="Eus' index of Eus CDs' content" />
		<meta name="content" content="Welcome page" />
		<base href="http://localhost/CDs/index.php" />
		<title>
			Welcome to Eus' index of Eus CDs' content
		</title>
		<style>
			h1 {
				text-align: center;
				border-style: solid;
				border-width: 0 0 thin 0;
				padding: 0 0 2% 0;
			}
			form {
				display: table;
				margin-left: auto;
				margin-right: auto;
			}
			form > div {
				display: table-row;
			}
			form > div > span {
				display: table-cell;
			}
			form > div > span.align_right {
				display: table-cell;
				text-align: right;
			}
		</style>
	</head>
	<body>
		<h1>
			Eus' CDs
		</h1>
		<p>
			Before you can browse or modify the index, please login
			into the database first using the login panel below.
			Thank you.
		</p>
<?php
	if (isset ($_SESSION ['error']))
		echo 'Yes!';
	else
		echo 'No!';
	if (isset ($_SESSION ['error'])) {
?>
		<ul class="error">
<?php
		foreach ($_SESSION ['error'] as $key => $value) {
?>
			<li>
<?php
				echo $value . "\n";
?>
			</li>
<?php
		}
?>
		</ul>
<?php
	}
?>
		<form action="logic/login.php" method="post">
			<div>
				<span>
					<label>
						Username
					</label>
				</span>
				<span>
					<input type="text" name="username" />
				</span>
			</div>
			<div>
				<span>
					<label>
						Password
					</label>
				</span>
				<span>
					<input type="password"
					       name="password" />
				</span>
			</div>
			<div>
				<span>
					<input type="reset" value="Reset" />
				</span>
				<span class="align_right">
					<input type="submit" value="Submit" />
				</span>
			</div>
		</form>
	</body>
</html>
<?php
	unset ($_SESSION ['error']);
?>

CDs/logic/login.php:
<?php
	session_start ();
	if (!isset ($_POST ['username'])
	    || !is_string ($_POST ['username'])
	    || strlen (trim ($_POST ['username'])) < 1) {
		$_SESSION ['error'][] = 'username cannot be empty';
	}
	if (!isset ($_POST ['password'])
	    || !is_string ($_POST ['password'])
	    || strlen (trim ($_POST ['password'])) < 1) {
		$_SESSION ['error'][] = 'password cannot be empty';
	}
	session_commit ();
	//if (isset ($_SESSION ['error'])) {
		header ('Refresh: 5; url=http://'
			. $_SERVER ['SERVER_NAME']
			. '/CDs/index.php');
	//}
?>
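
Added example, not part of the bug thread and not PHP's own code: the two points raised in the comments above (committing the session before a `Location` redirect, and keeping every request on one host name so the host-only session cookie matches) written for current PHP. `CANONICAL_ORIGIN` and the helper names are hypothetical; `myvar` and `t2.php` are taken from the reporter's scripts.

```php
<?php
// Assumption: the site is served from this single origin on the default port.
const CANONICAL_ORIGIN = 'http://localhost';

/** Accept only a site-local absolute path, so a redirect cannot change host. */
function local_path(string $target): string
{
    $parts = parse_url($target);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])
        || ($parts['path'][0] ?? '') !== '/'
        || strpbrk($target, "\r\n\\") !== false) {
        return '/';
    }
    return $target;
}

/** Move requests that arrive under another host name to the canonical one
 *  before a session is started, so only one host-only cookie is in play. */
function enforce_canonical_host(): void
{
    $want = parse_url(CANONICAL_ORIGIN, PHP_URL_HOST);
    $got  = strtolower(explode(':', $_SERVER['HTTP_HOST'] ?? '')[0]);
    if ($got !== $want) {
        $path = local_path($_SERVER['REQUEST_URI'] ?? '/');
        header('Location: ' . CANONICAL_ORIGIN . $path, true, 307);
        exit;
    }
}

/** Drop a session key, persist the change, then redirect on the same host. */
function unset_and_redirect(string $key, string $target): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // $_SESSION replaces session_unregister(), which was removed in PHP 5.4.
    unset($_SESSION[$key]);
    // Flush through the save handler before the redirect header is sent.
    session_write_close();
    if (headers_sent($file, $line)) {
        throw new RuntimeException("headers already sent at $file:$line");
    }
    header('Location: ' . CANONICAL_ORIGIN . local_path($target), true, 303);
    exit; // nothing after the redirect may touch the session again
}

// t3.php from the thread, rewritten with the helpers above.
enforce_canonical_host();
unset_and_redirect('myvar', '/t2.php');
```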
 
Last updated: Sun Oct 02 11:05:54 2022 UTC