php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #32064 session_regenerate_id doesn't remove old session file
Submitted: 2005-02-22 11:13 UTC Modified: 2005-02-22 11:26 UTC
From: michal-bcc at logix dot cz Assigned:
Status: Not a bug Package: Session related
PHP Version: 4.3.8 OS: Linux/x86
Private report: No CVE-ID: None
 [2005-02-22 11:13 UTC] michal-bcc at logix dot cz
Description:
------------
When regenerating session ID with session_regenerate_id() the file with old ID is kept in the appropriate directory. 

Say that I create a session with session_start() and get ID=abcd. Then sess_abcd is created.

Later I decide to generate a different ID for whatever reason, call session_regenerate_id() and get ID=1234. The old file sess_abcd, although truncated, is still kept in the filesystem. IMO it should be removed at the time of session_regenerate_id() completion.

Reproduce code:
---------------
<?
session_start();
echo "session1 = ".session_id();
session_regenerate_id();
echo "session2 = ".session_id();
?>

Expected result:
----------------
Only a single file sess_<session2> should be in session dir.

Actual result:
--------------
However both files are still there...

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-02-22 11:26 UTC] tony2001@php.net
>IMO it should be removed at the time of session_regenerate_id() completion.
Why do you think so?
_All_ session files are removed by garbage collection, if you want to kill your session file explicitly - you have to call session_destroy().
That's expected behaviour and I don't see any bugs here.
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Thu Dec 12 08:01:24 2019 UTC