php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #18158 sybase session storage causing data corruption
Submitted: 2002-07-04 04:35 UTC Modified: 2003-07-04 02:06 UTC
From: g dot hort at unsw dot edu dot au Assigned:
Status: No Feedback Package: Sybase-ct (ctlib) related
PHP Version: 4.3.0-dev OS: Solaris 8
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: g dot hort at unsw dot edu dot au
New email:
PHP Version: OS:

 

 [2002-07-04 04:35 UTC] g dot hort at unsw dot edu dot au 
php for Apache 1.3.26 with mod_ssl
configure --with-apxs=/usr/local/apache/bin/apxs
          --with-gettext
          --with-xml
          --with-zlib
          --with-mysql=/usr/local/mysql
          --with-sybase-ct=/usr/local/sybase12.5/OCS-12.5
          --with-imap=../imap-2001a

I'm using user defined session storage.  mysql works fine.  Both sybase and sybase-ct can save a new session but not update it.

The routine that writes session data is:

function pear_session_write($session_id, $data)
{
  global $pear_session_db;
  $updated = time();
  $sql = "INSERT INTO " . PEAR_SESSION_TABLE
      . "(session_id, last_updated, data) "
      . "VALUES('" . addslashes($session_id) . "', $updated, '"
      . addslashes($data) . "')";
  user_error("pear_session0: $sql ($session_id)\n");
  $rs = $pear_session_db->query($sql);
  user_error("pear_session1: $sql ($session_id)\n");
  if (DB::isError($rs)) // probably a duplicate error: update existing value
  {
    $sql = "UPDATE " . PEAR_SESSION_TABLE
        . " SET last_updated = $updated, data = '"
        . addslashes($data) . "' WHERE session_id = '"
        . addslashes($session_id) . "'";
    $rs = $pear_session_db->query($sql);
  }
  return !(DB::isError($rs));
}

The reason the update doesn't occur is that the variable $session_id gets corrupted while the failing insert is executed and so the update fails.  The sybase interface seems to work fine in other (non-session) situations.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-07-04 09:29 UTC] g dot hort at unsw dot edu dot au 
The session handler I'm using is from sourceforge, slightly modified, see http://www.library.unsw.edu.au/pear_session.phps
 [2002-07-19 04:06 UTC] g dot hort at unsw dot edu dot au 
As workaround I modified the read routine of the session handler to set a global variable to say whether the session exists.  The write routine tests this var to tell whether to do an insert or an update, no errors are returned and everything works fine. see http://sporty.nun.unsw.edu.au/pear_session2.phps.
 [2002-07-19 04:57 UTC] sniper@php.net 
In the other report (#18404) you said mysql does NOT work..
please, only ONE report per bug.
 [2002-07-19 05:38 UTC] g dot hort at unsw dot edu dot au 
I think this is a different problem. This is related to sybase returning an error like already exists when doing an insert and it doesn't occur with mysql and has nothing to do with the size of the session.  The corruption occurs in a non-session variable and there doesn't appear to be anything wrong with the session data itself.

In 18404, as far as I can see, the database doesn't give an error, the problem occurs with both sybase and mysql and it seems to depend on the size of the session and the session variable becomes undefined.  It still occurs with the workaround for this bug in place.

However if you still think its the same bug then of course I accept that.
 [2002-09-25 06:33 UTC] sas@php.net 
Not session related, reclassified.
 [2002-10-09 10:50 UTC] iliaa@php.net 
Please try using this CVS snapshot:

  http://snaps.php.net/php4-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-latest.zip
 [2002-10-27 19:05 UTC] sniper@php.net 
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.
 [2002-11-05 23:41 UTC] g dot hort at unsw dot edu dot au 
tried snapshot 200211030600, getting

[06-Nov-2002 16:25:39] PHP Warning:  String is not zero-terminated (ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ*?ZZZZ) (source: /usr/local/src/imp/php4-200211030600/Zend/zend_execute_API.c:293) in Unknown on line 0

in the log.
 [2003-06-29 10:48 UTC] iliaa@php.net 
Please try using this CVS snapshot:

  http://snaps.php.net/php4-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-STABLE-latest.zip
 [2003-07-04 02:06 UTC] sniper@php.net 
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Apr 18 14:01:31 2024 UTC