php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #25574 empty session.save_path = problem (session.use_only_cookies = 1)
Submitted: 2003-09-17 10:04 UTC Modified: 2003-09-18 02:11 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: markus dot welsch at suk dot de Assigned:
Status: Not a bug Package: Session related
PHP Version: 4.3.3 OS: Linux 2.4.22 (Debian 3.0r1)
Private report: No CVE-ID:
 [2003-09-17 10:04 UTC] markus dot welsch at suk dot de
Description:
------------
When using sessions and having session.save_path to an empty value the session data won't be saved - even if session.use_only_cookies = 1

When session.save_path is specified it works fine.

Reproduce code:
---------------
<?php

        session_name("test");
        session_start();

        print "Session-ID: ".session_id()."<br>";
        print_r($_SESSION);
        $_SESSION['test'] = "example";

?>

Expected result:
----------------
Session-ID: c0b505ac52883be84dd9681fc6e84c50
Array ( [test] => example ) 

Actual result:
--------------
Session-ID: c0b505ac52883be84dd9681fc6e84c50
Array ( )

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-09-17 10:17 UTC] markus dot welsch at suk dot de
Of course you have to reload after the 1st execution otherwise it's of no use :-)
 [2003-09-17 18:34 UTC] iliaa@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

How can you expect sessions to work if PHP cannot safe the corresponding session data?
 [2003-09-18 02:11 UTC] markus dot welsch at suk dot de
Well it does NOT write to a file if a path is given and it should save to cookies like described, so why do you require to set this ?

Either the PHP itself or the documentation should be updated at least :-)
 [2004-02-18 01:57 UTC] unknown at simplemachines dot org
Markus,

PHP, as described in the manual, saves session data to files in a temporary directory. (unless an alternate handler is used...)  The cookie option is there to let the client know their ID and only their ID, which is used to access these files.

The option you describe, session.use_only_cookies, means it will not take session id's passed via GET. (like ?PHPSESSID=1234567890abcdef1234567890abcdef)

However, I do agree that not having session.save_path set should work; just like not having upload_tmp_dir set.  If you agree, please see my bug report here:
http://bugs.php.net/bug.php?id=26757

Thank you,
-[Unknown]
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Thu Apr 24 19:01:53 2014 UTC