php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Doc Bug #43747 session_name() fails to set a new name when used with php_admin_value
Submitted: 2008-01-04 05:49 UTC Modified: 2008-11-15 01:00 UTC
Votes:3
Avg. Score:4.7 ± 0.5
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:2 (100.0%)
From: pasamio at gmail dot com Assigned:
Status: No Feedback Package: Documentation problem
PHP Version: 5.2.5 OS: Linux/Apache2
Private report: No CVE-ID: None
View Developer Edit
 [2008-01-04 05:49 UTC] pasamio at gmail dot com 
Description:
------------
When the value is left at defaults or set with php_value in a .htaccess file the setting updates. When using php_admin_value, session_name remains the same. There is no mention in documentation of this being impossible, so I believe it to be a bug.

The sample code shows that when configured using php_admin_value the session_name() doesn't change.

Would appear to be related to this as session_name actually calls zend_alter_ini_entry:
Bug #41561  	Values set with php_admin_* in httpd.conf can be overwritten with ini_set()



Reproduce code:
---------------
In the httpd.conf (or similar) add:
php_admin_value session.name adminvalue

<?php
$oldname = session_name("new");
$newname = session_name();
echo 'Old Name: ' . $oldname . '<br />';
echo 'New Name: ' . $newname . '<br />';


Expected result:
----------------
Old Name: adminvalue
New Name: new

Actual result:
--------------
Old Name: adminvalue
New Name: adminvalue

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-01-04 07:24 UTC] pasamio at gmail dot com 
This also impacts:
- session_get_cookie_params
- session_module_name
- session_set_save_handler
- session_save_path
- session_cache_limiter
- session_cache_expire
- ignore_user_abort
- set_include_path

Reproduce Code:
---------------
<?php
function dummy() { 
	echo 'Dummy Function Called<br />';
	return true;
} 

// Session Name
$old = session_name("new");
$new = session_name();
echo 'session_name results<br />';
echo 'Old Name: ' . $old . '<br />';
echo 'New Name: ' . $new . '<br />';
echo '<hr />';

// Session_set_cookie_params
$old = session_get_cookie_params();
session_set_cookie_params(20); // returns void
$new = session_get_cookie_params();
echo 'session_get_cookie_params results<br />';
echo 'Old: '. print_r($old, 1) .'<br />';
echo 'New: '. print_r($new, 1) .'<br />';
echo '<hr />';

// session_module_name
$old = session_module_name('user');
$new = session_module_name();
echo 'session_module_name results<br />';
echo 'Old: '. $old .'<br />';
echo 'New: '. $new .'<br />';
echo '<hr />';

// session_set_save_handler
echo 'session_set_save_handler results<br />';
$result = session_set_save_handler("dummy", "dummy", "dummy", "dummy", "dummy", "dummy");
echo 'Result: '. $result .'<br />';
echo 'Session Start: ';
@session_start();
echo 'session_set_save_handler dummy messages for the session destructon: <br />';
session_destroy();
echo '<hr />';

// session_save_path
echo 'session_save_path results <br />';
$old = session_save_path('/new');
$new = session_save_path();
echo 'Old: '. $old .'<br />';
echo 'New: '. $new .'<br />';
echo '<hr />';

// session_cache_limiter
echo 'session_cache_limiter results <br />';
$old = session_cache_limiter('private');
$new = session_cache_limiter();
echo 'Old: '. $old .'<br />';
echo 'New: '. $new .'<br />';
echo '<hr />';

// session_cache_expire
echo 'session_cache_expire results<br />';
$old = session_cache_expire(19);
$new = session_cache_expire();
echo 'Old: '. $old .'<br />';
echo 'New: '. $new .'<br />';
echo '<hr />';

// set_include_path
echo 'set_include_path results<br />';
$old = get_include_path();
set_include_path('/new');
$new = get_include_path();
echo 'Old: '. $old .'<br />';
echo 'New: '. $new .'<br />';
echo '<hr />';

// ignore_user_abort
echo 'ignore_user_abort results<br />';
$old = ignore_user_abort(true);
$new = ignore_user_abort();
echo 'Old: '. $old .'<br />';
echo 'New: '. $new .'<br />';
echo '<hr />';
echo 'Done';


Expected result:
----------------
iconv_set_value results
Old: ISO-8859-1
Return Value: 1
New: UTF-8
session_name results
Old Name: PHPSESSID
New Name: new
session_get_cookie_params results
Old: Array ( [lifetime] => 0 [path] => / [domain] => [secure] => [httponly] => )
New: Array ( [lifetime] => 20 [path] => / [domain] => [secure] => [httponly] => )
session_module_name results
Old: files
New: user
session_set_save_handler results
Result: 1
Session Start: Dummy Function Called
Dummy Function Called
session_set_save_handler dummy messages for the session destructon:
Dummy Function Called
Dummy Function Called
session_save_path results
Old:
New: /new
session_cache_limiter results
Old: nocache
New: private
session_cache_expire results
Old: 180
New: 19
set_include_path results
Old: .:/usr/local/lib/php
New: /new
ignore_user_abort results
Old: 0
New: 1
Done

Actual result:
iconv_set_value results
Old: ISO-8859-1
Return Value:
New: ISO-8859-1
session_name results
Old Name: PHPSESSID
New Name: PHPSESSID
session_get_cookie_params results
Old: Array ( [lifetime] => 0 [path] => / [domain] => [secure] => [httponly] => )
New: Array ( [lifetime] => 0 [path] => / [domain] => [secure] => [httponly] => )
session_module_name results
Old: files
New: files
session_set_save_handler results
Result: 1
Session Start: session_set_save_handler dummy messages for the session destructon:
session_save_path results
Old:
New:
session_cache_limiter results
Old: nocache
New: nocache
session_cache_expire results
Old: 180
New: 180
set_include_path results
Old: .:/usr/local/lib/php
New: .:/usr/local/lib/php
ignore_user_abort results
Old: 0
New: 0
Done
 [2008-02-14 23:02 UTC] jani@php.net 
This is intentional and the expected behaviour of php_admin_value.
Those functions you listed are all only just shortcuts for ini_set() of the related php.ini directives.

This should be mentioned in the docs. Also on this page:

http://docs.php.net/configuration.changes

For the php_admin_* parts there should be a note saying this also means the settings are not gonna be changed using either ini_set() or the shortcut functions.
 [2008-02-15 00:15 UTC] pasamio at gmail dot com 
I agree that this is a documentation issue, if it had of been clear that either these functions were just shortcuts to ini_set or if the other documentation would have noted that these functions would be impacted (it only notes ini_*) then this would also solve the issue. Additionally a notice that these functions could fail would also help things as session_name really appears to imply that it will always succeed as there is no error handling information except for a warning on the format of the session name.

The other issue is that when these commands fail, unless some of them are called again to check they were actually set, there is no way of detecting the error. For example with session_name, unless the value is checked again the system isn't providing a diagnostic that an error occured. If they are actually proxies for ini_set then the behaviour of ini_set would be desirable, e.g. return the old value on success and false on failure. That way there might be a chance that we can detect the error without having to call the function again to check it actually did what we asked it to do.
 [2008-11-07 14:11 UTC] vrana@php.net 
Please specify what exactly and where should be documented.
 [2008-11-15 01:00 UTC] doc-bugs at lists dot php dot net 
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Wed Dec 03 07:00:01 2025 UTC