php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #18404 Session data being lost
Submitted: 2002-07-18 04:40 UTC Modified: 2003-05-20 08:48 UTC
Votes:9
Avg. Score:5.0 ± 0.0
Reproduced:8 of 8 (100.0%)
Same Version:3 (37.5%)
Same OS:5 (62.5%)
From: g dot hort at unsw dot edu dot au Assigned:
Status: Closed Package: Session related
PHP Version: 4.3.0-dev OS: redhat 7.2
Private report: No CVE-ID:
 [2002-07-18 04:40 UTC] g dot hort at unsw dot edu dot au
If you go to ftest.html (see below) and upload a file of reasonably large size (80k) then click view to go to ftest.php (see below) the variable $_SESSION['fdata'] is undefined and you get the message "data lost" if using mysql to store sessions.  If using files to store sessions or the uploaded file is small it works.  This happens on redhat 7.2 with apache 1.3.22, mysql 3.23.41 & php-4.1.2-0horde1 & php-mysql-4.1.20-horde1 from the horde web site (www.horde.org).  I used the php.ini & httpd.conf that gets installed as standard except for the config below.  I've also seen this happen on Solaris 8, apache 1.3.26, php-4.2.1 and both mysql and sybase-ct.  It shows up when importing csv address book files into IMP/turba.  Unfortunately it's intermittent on linux :-(

my session handler is http://sporty.nun.unsw.edu.au/pear_session2.phps

apache config:

<Directory "/var/www/html/ftest">
    Options Indexes FollowSymLinks
    AllowOverride All
    order allow,deny
    allow from all
    php_flag register_globals Off
    php_value session.save_handler user
    php_value session.auto_start 0
    php_value session.use_cookies 1
    php_value session.use_trans_sid 0
    php_value session.gc_maxlifetime 2200
    php_value session.cache_limiter nocache
    php_value session.save_path mysql://horde:horde@localhost/test
    php_value auto_prepend_file /usr/share/php/pear_session2.php
</Directory>



ftest.html:

<html>
<head><title>Session Test Initial</title></head>
<body>
<form enctype="multipart/form-data" action="ftest.php" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="5000000">
Send this file: <input name="userfile" type="file">
<input type="submit" value="Send File">
</form>
</body>
</html>

ftest.php:

<?php
session_start();
echo "<html>\nsession ID is ".session_id()."<br />\n";
if (isset($_FILES['userfile'])) {
    echo "file name is ".$_FILES['userfile']['name']."<br />\n";
    echo "file name is ".$_FILES['userfile']['tmp_name']."<br />\n";
    echo "file type is ".$_FILES['userfile']['type']."<br />\n";
    echo "file size is ".$_FILES['userfile']['size']."<br />\n";
    $importData = file($_FILES['userfile']['tmp_name']);
    $_SESSION['md5'] = md5(serialize($importData));
    $_SESSION['fdata'] = $importData;
    echo "md5 is ".$_SESSION['md5']."<br />\n";
    echo "<a href=\"".$_SERVER['PHP_SELF']."\">View</a><br />\n";
} else {
    if (isset($_SESSION['fdata'])) {
        echo "session md5 is ".$_SESSION['md5']."<br />\n";
        echo "saved file md5 is ".md5(serialize($_SESSION['fdata']))."<br />\n";
    } else {
        echo "data lost<br />\n";
    }
    echo "<a href=\"ftest.html\">Another</a><br />\n";
}
?>
</html>


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-07-18 17:22 UTC] sniper@php.net
Please try this snapshot:

http://snaps.php.net/php4-latest.tar.gz


 [2002-07-19 01:41 UTC] g dot hort at unsw dot edu dot au
I tried the latest snapshot on Solaris 8 with gcc 2.95.3 and the sun linker and got several "output line too long" errors and the link failed.  I tried the latest stable snapshot; that compiled and linked fine but didn't fix the problem. my config is:

#!/bin/sh

CC=gcc \
./configure \
        --with-apxs=/usr/local/httpd/bin/apxs \
        --with-gettext \
        --with-xml \
        --with-zlib \
        --with-mysql=/usr/local/mysql \
        --with-sybase-ct=/usr/local/sybase12.5/OCS-12_5 \
        --with-imap=../imap-2001a

output of make is at http://sporty.nun.unsw.edu.au/gkh/make.out
 [2002-07-19 02:22 UTC] derick@php.net
That is a limitation of sed and/or awk on plain Solaris, can you install the GNU utils?
See: http://www.sunfreeware.com/solmenu.html which has packages for them.
 [2002-07-19 03:22 UTC] g dot hort at unsw dot edu dot au
gawk and gnu sed fixed the link problem, the session data lost problem still exists.
 [2002-07-19 04:54 UTC] sniper@php.net
version update
 [2002-09-19 13:20 UTC] kalowsky@php.net
just a side question, does this happen with PHP 4.2.3?  There is a minor change between the two that makes a big difference between the way the two work.
 [2002-09-26 20:24 UTC] sniper@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php4-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-latest.zip


 [2002-10-14 19:26 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2002-11-05 22:47 UTC] g dot hort at unsw dot edu dot au
It still happens with snapshot 20011030600
 [2002-11-05 22:48 UTC] g dot hort at unsw dot edu dot au
that should be 200211030600
 [2002-11-19 06:28 UTC] paul at atomicrevs dot net
This sounds a lot like 20449?  It's happening to me too by the way, same circumstances etc.
 [2003-02-21 01:38 UTC] ng4rrjanbiah at rediffmail dot com
I've also experienced similar problem:

For me,
register_globals = on;

$_SESSION['foo'] = 'xxx';

...Then form operations that post few data including $_POST['foo']='yyy'

...Now the value of $_SESSION['foo'] is set to 'yyy'

My server's PHP version is 4.3.0...
The above bug is really a big problem for me...I've developed a part of the module for our big project...I've developed with the idea of register_globals=off, but other people develped with the idea of register_globals=on...And in the server, they've put it with register_globals=on... and I've started experiencing the above problem...

It worked fine on my local system (PHP4.2.3) with register_globals=off. As, the module is related to login & session, it is a very big problem for me. Any workaround??

Thanks & Regards,
R. Rajesh Jeba Anbiah
 [2003-05-20 08:48 UTC] sas@php.net
This bug has been resolved since Oct 2002 (pread/pwrite issues on Linux). Please upgrade.
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Mon Apr 21 12:02:07 2014 UTC