php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #30789 New Session created for every session_start() call.
Submitted: 2004-11-15 07:08 UTC Modified: 2004-11-15 08:36 UTC
From: spam at taylorw dot com Assigned:
Status: Not a bug Package: Session related
PHP Version: Irrelevant OS: Linux - 2.6.8-gentoo-r3
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2004-11-15 07:08 UTC] spam at taylorw dot com 
Description:
------------
I have tried 4.3.9 and 5.0.2 (both emerged via gentoo) with various Apache 2.0.5x versions (currently using 2.0.52)... none seem to solve this problem. Anytime session_start(); is called a new session is created, along with a new session_id. I have verified that /tmp is where the sessions are being stored, and have watched the directory as I refreshed a page with nothing but session_start(); in it, and a new session is created each time. And session autostart is not on in php.ini.

Relevant php.ini information:

session.save_handler = files
session.save_path = /tmp
session.use_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain = 
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor     = 100
session.gc_maxlifetime = 1440
session.bug_compat_42 = 1
session.bug_compat_warn = 1
session.referer_check =
session.entropy_length = 0
session.entropy_file =
;session.entropy_length = 16
;session.entropy_file = /dev/urandom
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0


Reproduce code:
---------------
/* Page One (page1.php)*/
<?php

session_start();

echo session_id();

?>
<a href="page2.php">click here for page 2</a>

/* Page Two (page2.php)*/
<?php

session_start();

echo session_id();

?>
<a href="page2.php">click here for page one</a>

Expected result:
----------------
The echo'ed session_id()'s should be the same for both pages, and no new session file should exist in /tmp .

Actual result:
--------------
The session id's differ, and a new session file has been created in /tmp . Refreshing either page creates another session file in /tmp as well.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-11-15 07:45 UTC] tony2001@php.net 
Try to set session.use_trans_sid to 1 and check if cookies are enabled in your browser.
 [2004-11-15 07:56 UTC] spam at taylorw dot com 
Changed, and checked using two different machines, and browsers... same problem. I did note something of interest. After changing that setting, I echo'ed phpinfo() and it does not show the updated setting in the php.ini... So then I noticed something else (compared to another system with exact same Apache and mod_php versions)...

For the box it wont work on:
--with-config-file-path=/etc/php/apache2-php4
Configuration File (php.ini) Path  /php.ini  

For the box it does work on:
--with-config-file-path=/etc/php/apache2-php4
Configuration File (php.ini) Path  /etc/php/apache2-php4/php.ini  

The second one has the correct path despite the fact that they both have the same --with-configure lines. I'm not sure if that has anything to do with the session issue?
 [2004-11-15 08:05 UTC] tony2001@php.net 
No, put your php.ini to the right place first.
 [2004-11-15 08:13 UTC] spam at taylorw dot com 
Not sure what you mean "put it to the right place" ? I understand that it's trying to read it from /php.ini but I havent been able to find where that is set?

I also used 'locate' to find all php.ini files and updated the two it found to turn on the trans_sid, but still having the same issue.
 [2004-11-15 08:16 UTC] tony2001@php.net 
I mean delete /php.ini and use /etc/php/apache2-php4/php.ini instead.
Does `ls -l /php.ini` report that there is no such file ?
 [2004-11-15 08:19 UTC] spam at taylorw dot com 
Yeah it did, removed that one (which I know remember I copied off the other box to compare with this boxes). The correct ini file is now reported... but nothing else new to report.
 [2004-11-15 08:36 UTC] spam at taylorw dot com 
Not sure why this got changed to bogus, when the session issue is still happening?
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat May 04 07:01:31 2024 UTC