php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #18158 sybase session storage causing data corruption
Submitted: 2002-07-04 04:35 UTC Modified: 2003-07-04 02:06 UTC
From: g dot hort at unsw dot edu dot au Assigned:
Status: No Feedback Package: Sybase-ct (ctlib) related
PHP Version: 4.3.0-dev OS: Solaris 8
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: g dot hort at unsw dot edu dot au
New email:
PHP Version: OS:

 

 [2002-07-04 04:35 UTC] g dot hort at unsw dot edu dot au
php for Apache 1.3.26 with mod_ssl
configure --with-apxs=/usr/local/apache/bin/apxs
          --with-gettext
          --with-xml
          --with-zlib
          --with-mysql=/usr/local/mysql
          --with-sybase-ct=/usr/local/sybase12.5/OCS-12.5
          --with-imap=../imap-2001a

I'm using user defined session storage.  mysql works fine.  Both sybase and sybase-ct can save a new session but not update it.

The routine that writes session data is:

function pear_session_write($session_id, $data)
{
  global $pear_session_db;
  $updated = time();
  $sql = "INSERT INTO " . PEAR_SESSION_TABLE
      . "(session_id, last_updated, data) "
      . "VALUES('" . addslashes($session_id) . "', $updated, '"
      . addslashes($data) . "')";
  user_error("pear_session0: $sql ($session_id)\n");
  $rs = $pear_session_db->query($sql);
  user_error("pear_session1: $sql ($session_id)\n");
  if (DB::isError($rs)) // probably a duplicate error: update existing value
  {
    $sql = "UPDATE " . PEAR_SESSION_TABLE
        . " SET last_updated = $updated, data = '"
        . addslashes($data) . "' WHERE session_id = '"
        . addslashes($session_id) . "'";
    $rs = $pear_session_db->query($sql);
  }
  return !(DB::isError($rs));
}

The reason the update doesn't occur is that the variable $session_id gets corrupted while the failing insert is executed and so the update fails.  The sybase interface seems to work fine in other (non-session) situations.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-07-04 09:29 UTC] g dot hort at unsw dot edu dot au
The session handler I'm using is from sourceforge, slightly modified, see http://www.library.unsw.edu.au/pear_session.phps
 [2002-07-19 04:06 UTC] g dot hort at unsw dot edu dot au
As workaround I modified the read routine of the session handler to set a global variable to say whether the session exists.  The write routine tests this var to tell whether to do an insert or an update, no errors are returned and everything works fine. see http://sporty.nun.unsw.edu.au/pear_session2.phps.
 [2002-07-19 04:57 UTC] sniper@php.net
In the other report (#18404) you said mysql does NOT work..
please, only ONE report per bug.

 [2002-07-19 05:38 UTC] g dot hort at unsw dot edu dot au
I think this is a different problem. This is related to sybase returning an error like already exists when doing an insert and it doesn't occur with mysql and has nothing to do with the size of the session.  The corruption occurs in a non-session variable and there doesn't appear to be anything wrong with the session data itself.

In 18404, as far as I can see, the database doesn't give an error, the problem occurs with both sybase and mysql and it seems to depend on the size of the session and the session variable becomes undefined.  It still occurs with the workaround for this bug in place.

However if you still think its the same bug then of course I accept that.
 [2002-09-25 06:33 UTC] sas@php.net
Not session related, reclassified.
 [2002-10-09 10:50 UTC] iliaa@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php4-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-latest.zip


 [2002-10-27 19:05 UTC] sniper@php.net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.


 [2002-11-05 23:41 UTC] g dot hort at unsw dot edu dot au
tried snapshot 200211030600, getting

[06-Nov-2002 16:25:39] PHP Warning:  String is not zero-terminated (ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ*?ZZZZ) (source: /usr/local/src/imp/php4-200211030600/Zend/zend_execute_API.c:293) in Unknown on line 0

in the log.
 [2003-07-04 02:06 UTC] sniper@php.net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Wed Jul 17 23:01:28 2024 UTC