php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #34378 Bugfix done in 5.04 causes serios SESSION-bug!
Submitted: 2005-09-05 19:58 UTC Modified: 2005-09-07 16:09 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: mail at lenzw dot de Assigned:
Status: Not a bug Package: Session related
PHP Version: 5CVS-2005-09-06 (snap) OS: Windows XP
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2005-09-05 19:58 UTC] mail at lenzw dot de 
Description:
------------
The bugfix I refer to is:
Bug #28324	HTTP_SESSION_VARS appear when Register_long_arrays is Off

The new bug caused by it is simple:
when Register_long_arrays is Off, changes to $_SESSION won't be saved correctly every time so the next time you do session_start();, you get an incomplete session.

also see
http://www.codeguru.com/forum/showthread.php?t=341549

the most interesting thing is that of the ~30 values I saved, only 3 values were actually set.
my theory is that the first time it's run, everything saves correct but not any more the 2nd or 3rd time

Reproduce code:
---------------
first time running:
-
session_start();
$_SESSION['xyz']="abc";


second time running:
-
session_start();
print_r($_SESSION);
$_SESSION['abc']="def";

third time running:
-
session_start();
print_r($_SESSION);

Expected result:
----------------
2st:
Array
(
    [xyz] => "abc"
)
3rd:
Array
(
    [xyz] => "abc"
    [abc] => "def"
)

Actual result:
--------------
2st:
Array
(
    [xyz] => "abc"
)
3rd:
Array
(
    [xyz] => "abc"
)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-09-05 23:39 UTC] sniper@php.net 
Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip
 [2005-09-06 18:47 UTC] mail at lenzw dot de 
tested. bug appears in CVS as well (tested with "php5-win32-latest.zip" from Sept 6th, 2005)
 [2005-09-07 11:53 UTC] sniper@php.net 
What is the diff between the php.ini-dist or php.ini-recommended compared to what your php.ini has?

I can't reproduce this with properly setup PHP,
and I have set register_long_arrays=off.
 [2005-09-07 14:40 UTC] mail at lenzw dot de 
well, unfortunatley it's not any .ini-value. (didn't change much there anyways... path-vars but nothing else)
tested again, with my self-submitted example and unfornately in that one, it works without bug (sorry, didn't think of that).
my big project still gets the same bug (and it is a bug, yes, I used session_write_clode(); everytime using a header command ect., everything checked twice there and it applies in most simple operations) so it definitely is there (the guy from the link I gave gave some example code as well, maybe try some of that I guess it could reproduce the bug) - unfortunately I can't give any code of my current project :/
will continue working with "register_long_arrays = On" and hope someone else can submit some code to help here.
 [2005-09-07 16:09 UTC] sniper@php.net 
It's not a bug as long as there isn't any code to prove it to be one. We have pretty complex system using sessions pretty heavily and we haven't had any problems. As soon as someone can prove there's really a bug around, I'll reopen this.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat May 18 12:01:32 2024 UTC