PHP :: Bug #45871 :: session.gc_max

Bug #45871	session.gc_max_lifetime max value?
Submitted:	2008-08-20 19:46 UTC	Modified:	2009-02-06 17:14 UTC
From:	brett at pineconehill dot com	Assigned:
Status:	Not a bug	Package:	Session related
PHP Version:	5.2.6	OS:	Debian Etch/Lenny (2 machines)
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2008-08-20 19:46 UTC] brett at pineconehill dot com

Description:
------------
While debugging session time out issues, I set the "session.gc_maxlifetime' option in php.ini to 15778463 (6 months)  In doing so, after restarting the server, of course, I was not able to log on to my test site at all.  This was the only setting that was changed.  

I lowered the value until I reached a range that would allow logins again.  Lowering the value to 2400000 allowed a log in to occur.  It seems that somewhere around the 2500000 range is when it stopped permitting logins.

Logins are authenticated via a MySQL database.

It appears as if an unsigned value is accidentally being treated as a signed one.

Reproduce code:
---------------
session.gc_maxlifetime = 15778463

Expected result:
----------------
Logins would be allowed, and sessions would not expire within 6 months, as part of session troubleshooting.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2008-08-21 20:55 UTC] jani@php.net

Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.

[2008-08-29 01:00 UTC] php-bugs at lists dot php dot net

No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

[2009-02-06 15:29 UTC] brett at pineconehill dot com

We have narrowed this down to memcache session handlers.  

Steps to reproduce:

apt-get install memcached

compile memcache extension and add to php.ini file:

extension=memcache.so

sample script:

<?php
        ini_set('session.save_handler', memcache);
        ini_set('session.save_path', "tcp://localhost:11211");
        ini_set('session.gc_maxlifetime',15578463);
?>

[2009-02-06 17:14 UTC] scottmac@php.net

Memcache is the issue here. The number of seconds may not exceed 60*60*24*30 (number of seconds in 30 days);

Which is 2592000 seconds

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Apr 26 12:01:30 2024 UTC