PHP :: Bug #18404 :: Session data being lost

Bug #18404

Session data being lost

Submitted:

2002-07-18 04:40 UTC

Modified:

2003-05-20 08:48 UTC

Votes:	9
Avg. Score:	5.0 ± 0.0
Reproduced:	8 of 8 (100.0%)
Same Version:	3 (37.5%)
Same OS:	5 (62.5%)

From:

g dot hort at unsw dot edu dot au

Assigned:

Status:

Closed

Package:

Session related

PHP Version:

4.3.0-dev

OS:

redhat 7.2

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	g dot hort at unsw dot edu dot au
New email:
PHP Version:		OS:

New Comment:

[2002-07-18 04:40 UTC] g dot hort at unsw dot edu dot au

If you go to ftest.html (see below) and upload a file of reasonably large size (80k) then click view to go to ftest.php (see below) the variable $_SESSION['fdata'] is undefined and you get the message "data lost" if using mysql to store sessions.  If using files to store sessions or the uploaded file is small it works.  This happens on redhat 7.2 with apache 1.3.22, mysql 3.23.41 & php-4.1.2-0horde1 & php-mysql-4.1.20-horde1 from the horde web site (www.horde.org).  I used the php.ini & httpd.conf that gets installed as standard except for the config below.  I've also seen this happen on Solaris 8, apache 1.3.26, php-4.2.1 and both mysql and sybase-ct.  It shows up when importing csv address book files into IMP/turba.  Unfortunately it's intermittent on linux :-(

my session handler is http://sporty.nun.unsw.edu.au/pear_session2.phps

apache config:

<Directory "/var/www/html/ftest">
    Options Indexes FollowSymLinks
    AllowOverride All
    order allow,deny
    allow from all
    php_flag register_globals Off
    php_value session.save_handler user
    php_value session.auto_start 0
    php_value session.use_cookies 1
    php_value session.use_trans_sid 0
    php_value session.gc_maxlifetime 2200
    php_value session.cache_limiter nocache
    php_value session.save_path mysql://horde:horde@localhost/test
    php_value auto_prepend_file /usr/share/php/pear_session2.php
</Directory>



ftest.html:

<html>
<head><title>Session Test Initial</title></head>
<body>
<form enctype="multipart/form-data" action="ftest.php" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="5000000">
Send this file: <input name="userfile" type="file">
<input type="submit" value="Send File">
</form>
</body>
</html>

ftest.php:

<?php
session_start();
echo "<html>\nsession ID is ".session_id()."<br />\n";
if (isset($_FILES['userfile'])) {
    echo "file name is ".$_FILES['userfile']['name']."<br />\n";
    echo "file name is ".$_FILES['userfile']['tmp_name']."<br />\n";
    echo "file type is ".$_FILES['userfile']['type']."<br />\n";
    echo "file size is ".$_FILES['userfile']['size']."<br />\n";
    $importData = file($_FILES['userfile']['tmp_name']);
    $_SESSION['md5'] = md5(serialize($importData));
    $_SESSION['fdata'] = $importData;
    echo "md5 is ".$_SESSION['md5']."<br />\n";
    echo "<a href=\"".$_SERVER['PHP_SELF']."\">View</a><br />\n";
} else {
    if (isset($_SESSION['fdata'])) {
        echo "session md5 is ".$_SESSION['md5']."<br />\n";
        echo "saved file md5 is ".md5(serialize($_SESSION['fdata']))."<br />\n";
    } else {
        echo "data lost<br />\n";
    }
    echo "<a href=\"ftest.html\">Another</a><br />\n";
}
?>
</html>

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-07-18 17:22 UTC] sniper@php.net

Please try this snapshot:

http://snaps.php.net/php4-latest.tar.gz

[2002-07-19 01:41 UTC] g dot hort at unsw dot edu dot au

I tried the latest snapshot on Solaris 8 with gcc 2.95.3 and the sun linker and got several "output line too long" errors and the link failed.  I tried the latest stable snapshot; that compiled and linked fine but didn't fix the problem. my config is:

#!/bin/sh

CC=gcc \
./configure \
        --with-apxs=/usr/local/httpd/bin/apxs \
        --with-gettext \
        --with-xml \
        --with-zlib \
        --with-mysql=/usr/local/mysql \
        --with-sybase-ct=/usr/local/sybase12.5/OCS-12_5 \
        --with-imap=../imap-2001a

output of make is at http://sporty.nun.unsw.edu.au/gkh/make.out

[2002-07-19 02:22 UTC] derick@php.net

That is a limitation of sed and/or awk on plain Solaris, can you install the GNU utils?
See: http://www.sunfreeware.com/solmenu.html which has packages for them.

[2002-07-19 03:22 UTC] g dot hort at unsw dot edu dot au

gawk and gnu sed fixed the link problem, the session data lost problem still exists.

[2002-07-19 04:54 UTC] sniper@php.net

version update

[2002-09-19 13:20 UTC] kalowsky@php.net

just a side question, does this happen with PHP 4.2.3?  There is a minor change between the two that makes a big difference between the way the two work.

[2002-09-26 20:24 UTC] sniper@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php4-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-latest.zip

[2002-10-14 19:26 UTC] php-bugs at lists dot php dot net

No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

[2002-11-05 22:47 UTC] g dot hort at unsw dot edu dot au

It still happens with snapshot 20011030600

[2002-11-05 22:48 UTC] g dot hort at unsw dot edu dot au

that should be 200211030600

[2002-11-19 06:28 UTC] paul at atomicrevs dot net

This sounds a lot like 20449?  It's happening to me too by the way, same circumstances etc.

[2003-02-21 01:38 UTC] ng4rrjanbiah at rediffmail dot com

I've also experienced similar problem:

For me,
register_globals = on;

$_SESSION['foo'] = 'xxx';

...Then form operations that post few data including $_POST['foo']='yyy'

...Now the value of $_SESSION['foo'] is set to 'yyy'

My server's PHP version is 4.3.0...
The above bug is really a big problem for me...I've developed a part of the module for our big project...I've developed with the idea of register_globals=off, but other people develped with the idea of register_globals=on...And in the server, they've put it with register_globals=on... and I've started experiencing the above problem...

It worked fine on my local system (PHP4.2.3) with register_globals=off. As, the module is related to login & session, it is a very big problem for me. Any workaround??

Thanks & Regards,
R. Rajesh Jeba Anbiah

[2003-05-20 08:48 UTC] sas@php.net

This bug has been resolved since Oct 2002 (pread/pwrite issues on Linux). Please upgrade.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Wed Apr 24 19:01:31 2024 UTC