php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #29419 session_destroy() returns "session object destruction failed"
Submitted: 2004-07-28 06:42 UTC Modified: 2005-01-16 01:00 UTC
Votes:28
Avg. Score:3.5 ± 1.1
Reproduced:18 of 20 (90.0%)
Same Version:3 (16.7%)
Same OS:3 (16.7%)
From: roberto_stivanello at libero dot it Assigned:
Status: No Feedback Package: Session related
PHP Version: 4.3.9 OS: *
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2004-07-28 06:42 UTC] roberto_stivanello at libero dot it
Description:
------------
Same problem as previous notified bugs, currently marked "closed".

Errore arise in production (webserver is ISP owned).

No problem during test on "localhost" on my machine: software works properly under ISS/WinXP.

Therefore I guess I cannot try last CVS solution: if you think it is available, tell me, and I'll endorse your advice to my ISP.

Do you think I should have appended this report to any of the previous ones instead of opening a new one? To which one, in your opinion? (If so, pardon me).

Thanks.



Reproduce code:
---------------
<?php # Script 12.13 - logoutadm.php
require_once ('../includes/config.inc');       // Include the configuration file for error management and such.
require_once ('../authentication.php');        // connects to mysql + defines functions + ob_start() + session_start()
include_once ('../includes/admin_header.inc'); // administrator page header
?>
<H2 id=essentials><A href="/" rel=bookmark>Logout</A></H2>
<?php
if (!isset($_SESSION['usera'])) {
	ob_end_clean(); // Delete the buffer.
	header ("Location:  http://" . $_SERVER['HTTP_HOST'] . "xxxxx.php");
      exit(); // Quit the script.
} else { // Logout the user.
      echo "<h3>Session = " . session_id() . "</h3>"; // for test purpose
	$_SESSION = array(); // Destroy the variables.
	session_destroy(); // Destroy the session itself.
      setcookie (session_name(), '', time()-300, '/', '', 0); // Destroy the cookie.
}
echo "<h3>Logout successful! </h3>"; // Print a customized message.
?>
<?php // Include the HTML footer.
include ('../includes/admin_footer.inc');
?>


Expected result:
----------------
As in test: user logged out, with no error displayed.

Actual result:
--------------
"session object destruction failed" error returned and displayed by error handler routine.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-12-20 22:27 UTC] roberto_stivanello at libero dot it
Member details prevoiusly missing:

===========authentication.php
<?php # Script 12.13 - authentication.php
// This page handles the authentication for the admin pages.

// require_once ('mysql_connect_auth.php'); // Connect to the database. Suppressed as from PHP Bugs request

function getAdminUser()
{
 return 'adminuserid';
} // end function

function getAdminPsw()
{
 return 'adminpassword';
} // end function

function checkAdminIdPsw($iadmin,$ipsw)
{
    if ( ($iadmin == (getAdminUser()) ) AND ($ipsw == (getAdminPsw()) ) ) { // If the correct values were entered...
        return 0;
    } else {
        return 1;
    }	
} // end function
?>
<?php # Script 12.10 - authentication.inc
// Session handling added for administrator too as HTTP authentication allowed only with php4 on Apache
// Start output byffering and initialize a session
ob_start();
session_start();
?>
<?php # Script 12.11 - authentication.inc
$authorized = FALSE;  // Initialize a variable.

// Check for authentication submission.
// Begin authentication code - server independent       

if ( (isset($_SESSION['usera']))  ) {
      if ( getAdminUser() == $_SESSION['usera'] ) {
		$authorized = TRUE;
	}	
} 

// If they haven't been authorized, create the pop-up window.
  
if ((!$authorized) AND (!$fromlogin)) {
      // show Admininistrator login page
      ob_end_clean();  // Delete the buffer

      header("Location: http://" . $_SERVER['HTTP_HOST'] . "/administratordirectory/index.php");
      exit();

}
?>




=========================index.php=================

<?php # Script 12.01 - index.php (site administration)

// Initial page for Administrator                 

// Include config file for error handling                        
require_once ('../includes/config.inc');

//requires authentication  
$fromlogin = TRUE;
require_once ('../authentication.php');

$reldir ='/';                        // posizione relativa rispetto a pagina attuale: '/' o '../'
// Includi testata
$bodyid = 'bodyadmin';
$idprimarymenu = 'menu';
$titolo_pagina_h2 = 'Home';

// Administrator header                  
include_once ('../includes/admin_header.inc');
// Corpo della pagina
?>
<!-- href deliberatamente anonimo -->
<H2 id=essentials><A href="/" rel=bookmark>Login Amministratore</A></H2> 

<?php 
echo "<h3>Sessione = " . session_id() . "</h3>";
if (isset($_POST['submit'])) { // Check if the form has been submitted.
      
      // Create e function for escaping the data
      
/* function escape_data ($data) {
          global $dbc; // Need the connection
          if (ini_get('magic_quotes_gpc')) {
             $data = stripslashes($data);
          }
          return mysql_real_escape_string
          ($data, $dbc);
      } // End of function.
*/
	if (empty($_POST['username'])) { // Validate the username.
		$u = FALSE;
		echo '<p><font color="red" size="+1">Administrator name missing!</font></p>';
	} else {
		$u = escape_data($_POST['username']);
	}
	
	if (empty($_POST['password'])) { // Validate the password.
		$p = FALSE;
		echo '<p><font color="red" size="+1">Administrator password missing!</font></p>';
	} else {
		$p = escape_data($_POST['password']);
	}
	
	if ($u && $p) { // If everything's OK.
	
	      $rc = checkAdminIdPsw($_POST['username'],$_POST['password']);
	      if ( 0 == $rc ) { // If the correct values were entered...
				
				// Start the session, register the values & redirect.
				$_SESSION['usera'] = $_POST['username'];
				// $_SESSION['pswa'] = $_POST['password'];
                        echo '<p><font color="green" size="+1">You are logged in as administrator.</font></p>';
				
		} else { // No match was made.
			echo '<p><font color="red" size="+1">Wrong user and password.</font></p>'; 
		}
		
	} else { // If everything wasn't OK.
		echo '<p><font color="red" size="+1">Please try again!</font></p>';
	}
	
} // End of SUBMIT conditional.
?>

<!-- <h1>Login</h1> -->
<p>Il tuo browser deve consentire i cookies per il "login".</p>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<fieldset>
<p><b>Nome Utente:</b> <input type="text" name="username" size="10" maxlength="20" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>" /></p>
<p><b>Password:</b> <input type="password" name="password" size="20" maxlength="20" /></p>
<div align="center"><input type="submit" name="submit" value="Login" /></div>
</form><!-- End of Form -->

</DIV>
<?php //include pie' di pagina 
require_once ('../includes/admin_footer.inc');
?>



====================admin_footer.inc=================
<DIV id=footer>
 
</DIV></DIV></BODY></HTML>


<?php # Script fine sessione
// Aggiunto gestione sessione anche per ADMIN in quanto autenticazione HTTP permessa solo con PHP4 su Apache
ob_end_flush();
?>

======================admin_header.inc =================


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">
<HTML xmlns="http://www.w3.org/1999/xhtml">
<HEAD><TITLE>Il Portico</TITLE>

<META http-equiv=Content-Type content="text/html; charset=ISO-8859-1">
<META http-equiv=Content-Language content=en-us>
<META content=all name=robots>
<META http-equiv=imagetoolbar content=false>
<META content="Roberto Stivanello." name=author>
<META content="Copyright (c) 2004-2005 Roberto Stivanello" name=Copyright>
<META 
content="Il Portico Onlus: specializzata in pietre scartate dai costruttori che divengono testate d'angolo." 
name=description>
<META 
content="onlus, umanitari, diversabili, emarginazione, handicap, associazioni" 
name=keywords>
</HEAD>
<BODY id=mybody >
<DIV id=headwrap>
<H1 id=nufront>Il Portico (onlus)</H1></DIV>
<UL id=menu>
  <LI id=chisiamomenu><A title="Ci presentiamo" href="/chisiamo/">chi 
  siamo</A></LI>
</UL>
<DIV id=wrapper>
<DIV id=bravefourhundred> 

===================config.inc====================
<?php # Script 12.3 - config.inc

// This script sets the error reporting and logging for the site.

//error_reporting (0); // Production level
error_reporting (E_ALL); // Development level

// Use my own error handling function.
function my_error_handler ($e_number, $e_message) {

	$message = 'Error in: ' . __FILE__ . ' line # ' . __LINE__ . ": $e_message";
	//error_log ($message, 1, 'ilporticoonlusadmin@libero.it'); // Production (send email)
	echo '<font color="red" size="+1">', $message, '</font>'; // Development (print the error in red)
}
set_error_handler('my_error_handler');
?>
 [2005-01-16 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Mar 29 08:01:27 2024 UTC