php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #34524 session_regenerate_id doubles request
Submitted: 2005-09-16 11:59 UTC Modified: 2005-09-16 15:08 UTC
From: zoom at atlas dot sk Assigned:
Status: Not a bug Package: Session related
PHP Version: 5.1.0RC2 OS: WinXP
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2005-09-16 11:59 UTC] zoom at atlas dot sk 
Description:
------------
I use following order of code after users log-in, to regenerate session id.

session_start()

...checking values...
...assigning values into $_SESSION

session_regenerate_id(true)

...inserting into database, date and IP of log event.

session_commit()

header() redirect into another page to show private content.

----
interesting thing is, that every time I run this script I get 2! inserts into database - as there were 2 logins occured. 

I use IE6 and FF and have also *random* problems with session_destroy() function. 
In debugging process I uncovered this above.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-09-16 12:01 UTC] tony2001@php.net 
Not enough information was provided for us to be able
to handle this bug. Please re-read the instructions at
http://bugs.php.net/how-to-report.php

If you can provide more information, feel free to add it
to this bug and change the status back to "Open".

Thank you for your interest in PHP.
 [2005-09-16 13:47 UTC] zoom at atlas dot sk 
here is sniplet of my code that should authentificate user, rewrite current session_id, assign some attribute to it and let him go to next page.

//
session_start()
session_regenerate_id(true);
  
$sql = "INSERT INTO logins VALUES  ('{$log_date}','{$IP['addr']}')";
                  
$db->query($sql);
  
$_SESSION['userid'] = $uid;

$link = "Location: http://" . $CONFIG['APP_HOST'] . "in/";
 
session_commit();
header($link);

// expected behaviour
1. rewrite session id (I use cookies to propagate SID) and keep current attributes.
2. remove old session file from filesystem
3. insert 1 record into database
4. add new attribute into $_SESSION['uid']
5. redirect user to new page

// actual results
1. rewrite session id (cookie) and file
2. remove old session file (*randomly* error "Warning: session_regenerate_id() [function.session-regenerate-id]: Session object destruction failed in" occurs!)
3. 2 records are inserted into database (instead of one)
4. ok
5. if no error occured in point 2, then redirect is ok.

Used system is
WinXP - SP2
PHP5.1RC2 instaled in SAPI mode
Apache 2.0.53
Clients used: IE6, Firefox1.0.6
 [2005-09-16 14:12 UTC] sniper@php.net 
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc.

If possible, make the script source available online and provide
an URL to it here. Try to avoid embedding huge scripts into the report.
 [2005-09-16 14:37 UTC] zoom at atlas dot sk 
everything neccessary is already here. I have nothing to add to this. solve it, or let it be. I dont care.
 [2005-09-16 15:08 UTC] sniper@php.net 
Like Lennon sang, "let it be, let it be.." (your script was incomplete)
 [2005-09-16 15:08 UTC] sniper@php.net 
AND I can't reproduce it with your incomplete script either.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Mon Apr 29 13:01:30 2024 UTC