|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #5493 Both ISAPI & CGI modules in 4.0.1pl2 exhibit errors with session ids
Submitted: 2000-07-10 21:33 UTC Modified: 2000-12-07 11:21 UTC
From: fseesink at usa dot net Assigned:
Status: Closed Package: *General Issues
PHP Version: 4.0.2 OS: Windows NT Server 4 SP5/IIS4
Private report: No CVE-ID: None
 [2000-07-10 21:33 UTC] fseesink at usa dot net
* Using PHP v4.0.1pl2 Win32 binary provided by PHP.NET/
[NOTE:  It would be helpful to add binary releases to your 'PHP version:' field above, as v4.0.1, v4.0.1pl1, and v4.0.1pl2 are not listed above.]
* Zend Optimizer RC1 also installed
* In PHP.INI, all configured properly:  session.save_path, session.save_handler = files, etc.
[Question:  PHP.INI file contains "session.cookie_lifetime", but PHP Manual says "session.lifetime".  Which is correct?  Have put in both to be safe.]
* USING ISAPI module installed as ISAPI filter & AppMapping in IIS4 as described in README.TXT file, new session ids are created on each invocation of a new page, thereby eliminating any chance for session variables to propogate properly.  After initial session file properly created, subsequent session files are 0 bytes, indicating no variables stored.
* USING CGI module (PHP.EXE), keep receiving "Warning: open(/tmp/sess_f30188520bcdfb68ecd0baf4236475b7, O_RDWR) failed" errors.  Session id do at least stay the same.
* Final notes:  with ISAPI module setting cookies appears to work as expected, and reading cookies works also.  However, with CGI version, apparently unable to either set cookies or read them back in.  Also, IIS' inetinfo.exe crashes about 1/2 the time when attempting to 'net stop iisadmin' with the ISAPI modules installed.

Scripts used to test this:
**********[ Check4SessionId.PHP ]**********
	if ( isset($HTTP_COOKIE_VARS["PHPSESSID"]) ) {
		echo "Yep, we got a cookie!<br>";
	} else {
		echo "Nope, no cookie.<br>";
**********[ StartSession.PHP ]**********
	echo "Have started a session.<br>";
**********[ Page1.PHP ]**********
if (!$PHPSESSID) {
$lastaccess = time();
This is page 1.<br>
   echo "\$PHPSESSID   = '$PHPSESSID'<br>";
   echo "\$userid      = '$userid'<br>";
   echo "\$firstaccess = '$firstaccess'<br>";
   echo "\$lastaccess  = '$lastaccess'<p>";
<A HREF="page2.php">Page 2</A>.<p>
**********[ Page2.PHP ]**********
**********[ Page3.PHP ]**********
**********[ Page4.PHP ]**********
Same as above, only with slight changes so that Page1 links to Page 2, Page2->Page3, Page3->Page4, and Page4->Page1.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2000-07-10 21:47 UTC] fseesink at usa dot net
Additional comment regarding PHP.EXE error message.  With file Page1.PHP the entire output is as follows:
Warning: open(/tmp/sess_f30188520bcdfb68ecd0baf4236475b7, O_RDWR) failed: m (2) in E:\InetPub\wwwroot\php\sessions\page1.php on line 2
This is page 1.
$PHPSESSID = 'f30188520bcdfb68ecd0baf4236475b7'
$userid = ''
$firstaccess = ''
$lastaccess = '963193497'

Page 2.

Warning: open(/tmp/sess_f30188520bcdfb68ecd0baf4236475b7, O_RDWR) failed: m (2) in Unknown on line 0

Warning: Failed to write session data. Please check that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
 [2000-07-11 01:14 UTC] fseesink at usa dot net
Sorry, meant to include this but didn't want to clutter things up since it's so long.  But for completeness here ya go, the PHP.INI file, which should put the issue of session.save_path to bed, among other things:

; NOTE:  Search for '***' to find modifications

; About this file ;
; This file controls many aspects of PHP's behavior.  In order for PHP to
; read it, it must be named 'php.ini'.  PHP looks for it in the current
; working directory, in the path designated by the environment variable
; PHPRC, and in the path that was defined in compile time (in that order).
; Under Windows, the compile-time path is the Windows directory.  The
; path in which the php.ini file is looked for can be overriden using
; the -c argument in command line mode.
; The syntax of the file is extremely simple.  Whitespace and Lines
; beginning with a semicolon are silently ignored (as you probably guessed).
; Section headers (e.g. [Foo]) are also silently ignored, even though
; they might mean something in the future.
; Directives are specified using the following syntax:
; directive = value
; Directive names are *case sensitive* - foo=bar is different from FOO=bar.
; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one
; of the INI constants (On, Off, True, False, Yes, No and None) or an expression
; (e.g. E_ALL & ~E_NOTICE), or a quoted string ("foo").
; Expressions in the INI file are limited to bitwise operators and parentheses:
; |				bitwise OR
; &				bitwise AND
; ~				bitwise NOT
; Boolean flags can be turned on using the values 1, On, True or Yes.
; They can be turned off using the values 0, Off, False or No.
; An empty string can be denoted by simply not writing anything after the equal
; sign, or by using the None keyword:
;   foo =			; sets foo to an empty string
;	foo = none		; sets foo to an empty string
;	foo = "none"	; sets foo to the string 'none'
; If you use constants in your value, and these constants belong to a dynamically
; loaded extension (either a PHP extension or a Zend extension), you may only
; use these constants *after* the line that loads the extension.
; All the values in the php.ini-dist file correspond to the builtin
; defaults (that is, if no php.ini is used, or if you delete these lines,
; the builtin defaults will be identical).

; To create an 'optimized', PHP 4-style version of the php.ini-dist file,
; we need to create different values for several directives, in order to
; improve performance, while possibly breaking compatibility with the
; standard out-of-the-box behavior of PHP 3.  Please make sure you read
; what's different, and modify your scripts accordingly, if you decide to use
; these features instead (which is recommended!)
; - allow_call_time_pass_reference = Off
;     It's not possible to decide to force a variable to be passed by reference
;     when calling a function.  The PHP 4 style to do this is by making the
;     function require the relevant argument by reference.
; - register_globals = Off
;     Global variables are no longer registered for input data (POST, GET,
;     cookies, environment and other server variables).  Instead of using $foo,
;     you must use $HTTP_POST_VARS["foo"], $HTTP_GET_VARS["foo"],
;     $HTTP_COOKIE_VARS["foo"], $HTTP_ENV_VARS["foo"] or
;     $HTTP_SERVER_VARS["foo"], depending on which kind of input source you're
;     expecting 'foo' to come from.
; - register_argc_argv = Off
;     Disables registration of the somewhat redundant $argv and $argc global
;     variables.
; - magic_quotes_gpc = Off
;     Input data is no longer escaped with slashes so that it can be sent into
;     SQL databases without further manipulation.  Instead, you should use the
;     function addslashes() on each input element you wish to send to a
;     database.
; - variables_order = "GPCS"
;     The environment variables are not hashed into the $HTTP_ENV_VARS[].  To
;     access environment variables, you can use getenv() instead.

; Language Options ;
engine                       = On  ; Enable the PHP scripting language engine
                                   ; under Apache
short_open_tag               = On  ; allow the <? tag.  otherwise, only <?php
                                   ; and <script> tags are recognized.
asp_tags                     = On  ; *** MODIFIED from 'Off' ***
                                   ; allow ASP-style <% %> tags
precision                    = 14  ; number of significant digits displayed in
                                   ; floating point numbers
y2k_compliance               = Off ; whether to be year 2000 compliant (will
                                   ; cause problems with non y2k compliant
                                   ; browsers)
output_buffering             = Off ; Output buffering allows you to send header
                                   ; lines (including cookies) even after you
                                   ; send body content, in the price of slowing
                                   ; PHP's output layer a bit.
                                   ; You can enable output buffering by in
                                   ; runtime by calling the output buffering
                                   ; functions, or enable output buffering for
                                   ; all files by setting this directive to On.
implicit_flush               = Off ; Implicit flush tells PHP to tell the output
                                   ; layer to flush itself automatically after
                                   ; every output block.  This is equivalent to
                                   ; calling the PHP function flush() after each
                                   ; and every call to print() or echo() and
                                   ; each and every HTML block.
                                   ; Turning this option on has serious
                                   ; performance implications, and is generally
                                   ; recommended for debugging purposes only.
allow_call_time_pass_reference = Off ; *** MODIFIED from 'On' ***
                                   ; whether to enable the ability to force
                                   ; arguments to be passed by reference at
                                   ; function-call time.  This method is
                                   ; deprecated, and is likely to be unsupported
                                   ; in future versions of PHP/Zend.  The
                                   ; encouraged method of specifying which
                                   ; arguments should be passed by reference is
                                   ; in the function declaration.  You're
                                   ; encouraged to try and turn this option Off,
                                   ; and make sure your scripts work properly
                                   ; with it, to ensure they will work with
                                   ; future versions of the language (you will
                                   ; receive a warning each time you use this
                                   ; feature, and the argument will be passed by
                                   ; value instead of by reference).

; Safe Mode
safe_mode                    = Off
safe_mode_exec_dir           =
safe_mode_allowed_env_vars   = PHP_
                                   ; Setting certain environment variables may
                                   ; be a potential security breach.  This
                                   ; directive contains a comma-delimited list
                                   ; of prefixes.  In Safe Mode, the user may
                                   ; only alter environment variables whose
                                   ; names begin with the prefixes supplied
                                   ; here.
                                   ; By default, users will only be able
                                   ; to set environment variables that begin
                                   ; with PHP_ (e.g. PHP_FOO=BAR).
                                   ; Note:  If this directive is empty, PHP
                                   ; will let the user modify ANY environment
                                   ; variable!
safe_mode_protected_env_vars = LD_LIBRARY_PATH
                                   ; This directive contains a comma-delimited
                                   ; list of environment variables, that the end
                                   ; user won't be able to change using
                                   ; putenv().  These variables will be
                                   ; protected even if
                                   ; safe_mode_allowed_env_vars is set to allow
                                   ; to change them.

; Colors for Syntax Highlighting mode.  Anything that's acceptable in
; <font color=???> would work.
highlight.string             = #DD0000
highlight.comment            = #FF8000
highlight.keyword            = #007700                 = #FFFFFF
highlight.default            = #0000BB
highlight.html               = #000000

; Misc
expose_php                   = On  ; Decides whether PHP may expose the fact
                                   ; that it is installed on the server (e.g.,
                                   ; by adding its signature to the Web server
                                   ; header).
                                   ; It is no security threat in any way, but it
                                   ; makes it possible to determine whether you
                                   ; use PHP on your server or not.

; Resource Limits ;

max_execution_time           = 30  ; Maximum execution time of each script, in
                                   ; seconds (UNIX only)
memory_limit                 = 8388608
                                   ; Maximum amount of memory a script may
                                   ; consume (8MB)

; Error handling and logging ;
; error_reporting is a bit-field.  Or each number up to get desired error
; reporting level
; E_ALL                            - All errors and warnings
; E_ERROR                          - fatal run-time errors
; E_WARNING                        - run-time warnings (non fatal errors)
; E_PARSE                          - compile-time parse errors
; E_NOTICE                         - run-time notices (these are warnings which
;                                    often result from a bug in your code, but
;                                    it's possible that it was intentional
;                                    (e.g., using an uninitialized variable and
;                                    relying on the fact it's automatically
;                                    initialized to an empty string)
; E_CORE_ERROR                     - fatal errors that occur during PHP's
;                                    initial startup
; E_CORE_WARNING                   - warnings (non fatal errors) that occur
;                                    during PHP's initial startup
; E_COMPILE_ERROR                  - fatal compile-time errors
; E_COMPILE_WARNING                - compile-time warnings (non fatal errors)
; E_USER_ERROR                     - user-generated error message
; E_USER_WARNING                   - user-generated warning message
; E_USER_NOTICE                    - user-generated notice message
; Examples:
; error_reporting              = E_ALL & ~E_NOTICE
;                                    ; show all errors, except for notices
; error_reporting              = E_COMPILE_ERROR|E_ERROR|E_CORE_ERROR
;                                    ; show only errors
error_reporting              = E_ALL & ~E_NOTICE
                                   ; Show all errors except for notices
display_errors               = On  ; Print out errors (as a part of the HTML
                                   ; script)
log_errors                   = Off ; Log errors into a log file (server-specific
                                   ; log, stderr, or error_log (below))
track_errors                 = Off ; Store the last error/warning message in
                                   ; $php_errormsg (boolean)
;error_prepend_string         = "<font color=ff0000>"
                                   ; string to output before an error message
;error_append_string          = "</font>"
                                   ; string to output after an error message
;error_log                    = filename
                                   ; log errors to specified file
;error_log                    = syslog
                                   ; log errors to syslog (Event Log on NT, not
                                   ; valid in Windows 95)
warn_plus_overloading        = Off ; warn if the + operator is used with strings

; Data Handling ;
variables_order              = "GPCS" ; *** MODIFIED from "EGPCS" ***
                                   ; This directive describes the order in which
                                   ; PHP registers GET, POST, Cookie,
                                   ; Environment and Built-in variables (G, P,
                                   ; C, E & S respectively, often referred to as
                                   ; EGPCS or GPC).
                                   ; Registration is done from left to right,
                                   ; newer values override older values.
register_globals             = On  ; *** MODIFIED from 'On' ***
                                   ; Whether or not to register the EGPCS
                                   ; variables as global variables.  You may
                                   ; want to turn this off if you don't want to
                                   ; clutter your scripts' global scope with
                                   ; user data.  This makes most sense when
                                   ; coupled with track_vars - in which case
                                   ; you can access all of the GPC variables
                                   ; through the $HTTP_*_VARS[], variables.
register_argc_argv           = Off ; *** MODIFIED from 'On' ***
                                   ; This directive tells PHP whether to declare
                                   ; the argv&argc variables (that would contain
                                   ; the GET information).  If you don't use
                                   ; these variables, you should turn it off for
                                   ; increased performance
track_vars                   = On  ; enable the $HTTP_*_VARS[] arrays, where *
                                   ; is one of ENV, POST, GET, COOKIE or SERVER.
gpc_order                    = "GPC"
                                   ; This directive is deprecated.  Use
                                   ; variables_order instead.

; Magic quotes
magic_quotes_gpc             = On  ; magic quotes for incoming GET/POST/Cookie
                                   ; data
magic_quotes_runtime         = On  ; *** MODIFIED from 'Off'
                                   ; magic quotes for runtime-generated data,
                                   ; e.g. data from SQL, from exec(), etc.
magic_quotes_sybase          = Off ; Use Sybase-style magic quotes (escape '
                                   ; with '' instead of \')

; automatically add files before or after any PHP document
auto_prepend_file            =
auto_append_file             =

; As of 4.0b4, PHP always outputs a character encoding by default in
; the Content-type: header.  To disable sending of the charset, simply
; set it to be empty.
; PHP's built-in default is text/html
default_mimetype             = "text/html"
;default_charset              = "iso-8859-1"

; Paths and Directories ;
include_path                 = 
                                   ; UNIX: "/path1:/path2"
                                   ; Windows: "\path1;\path2"
doc_root                     = "E:\InetPub\wwwroot" ; *** MODIFIED ***
                                   ; the root of the php pages, used only if
                                   ; nonempty
;open_basedir                 = "E:\InetPub\wwwroot"
user_dir                     =     ; the directory under which php opens the
                                   ; script using /~username, used only if
                                   ; nonempty
;upload_tmp_dir               =     ; temporary directory for HTTP uploaded
                                   ; files (will use system default if not
                                   ; specified)
upload_max_filesize          = 2097152
                                   ; 2 Meg default limit on file uploads
extension_dir                = "E:\InetPub\PHP" ; *** MODIFIED from './' ***
                                   ; directory in which the loadable extensions
                                   ; (modules) reside

; Dynamic Extensions ;
; if you wish to have an extension loaded automaticly, use the
; following syntax:  extension=modulename.extension
; for example, on windows,
; extension=msql.dll
; or under UNIX,
; Note that it should be the name of the module only, no directory information
; needs to go here.  Specify the location of the extension with the
; extension_dir directive above.

;Windows Extensions
;extension                    = php_mysql.dll
;extension                    = php_nsmail.dll
extension                    = php_calendar.dll
;extension                    = php_dbase.dll
;extension                    = php_filepro.dll
;extension                    = php_gd.dll
;extension                    = php_dbm.dll
;extension                    = php_mssql.dll
;extension                    = php_zlib.dll
;extension                    = php_imap4r2.dll
;extension                    = php_ldap.dll
;extension                    = php_crypt.dll
;extension                    = php_msql2.dll
;extension                    = php_odbc.dll

; Module Settings ;

define_syslog_variables      = Off ; Whether or not to define the various syslog
                                   ; variables, e.g. $LOG_PID, $LOG_CRON, etc.
                                   ; Turning it off is a good idea performance-
                                   ; wise.  In runtime, you can define these
                                   ; variables by calling
                                   ; define_syslog_variables()

[mail function]
SMTP                         =
                                   ; *** MODIFIED from 'localhost' ***
                                   ; for win32 only
sendmail_from                =
                                   ; *** MODIFIED from '' ***
                                   ; for win32 only
;sendmail_path                =     ;for unix only, may supply arguments as well
                                   ; (default is sendmail -t)

[Debugger]                = localhost
debugger.port                = 7869
debugger.enabled             = False

; These configuration directives are used by the example logging mechanism.
; See examples/README.logging for more explanation.
;logging.method               = db
;            = /path/to/log/directory

sql.safe_mode                = Off

;uodbc.default_db             = Not yet implemented
;uodbc.default_user           = Not yet implemented
;uodbc.default_pw             = Not yet implemented
uodbc.allow_persistent       = On  ; allow or prevent persistent links
uodbc.check_persistent       = On  ; check that a connection is still
                                   ; validbefore reuse
uodbc.max_persistent         = -1  ; maximum number of persistent links. -1
                                   ; means no limit
uodbc.max_links              = -1  ; maximum number of links (persistent+non
                                   ; persistent). -1 means no limit
uodbc.defaultlrl             = 4096
                                   ; Handling of LONG fields. Returns number of
                                   ; bytes to variables, 0 means passthru
uodbc.defaultbinmode         = 1   ; Handling of binary data. 0 means passthru,
                                   ; 1 return as is, 2 convert to char
; See the documentation on odbc_binmode and odbc_longreadlen for an explanation
; of uodbc.defaultlrl and uodbc.defaultbinmode

mysql.allow_persistent       = On  ; allow or prevent persistent link
mysql.max_persistent         = -1  ; maximum number of persistent links. -1
                                   ; means no limit
mysql.max_links              = -1  ; maximum number of links (persistent+non
                                   ; persistent).  -1 means no limit
mysql.default_port           =     ; default port number for mysql_connect().
                                   ; If unset, mysql_connect() will use the
                                   ; $MYSQL_TCP_PORT, or the mysql-tcp entry in
                                   ; /etc/services, or the compile-time defined
                                   ; MYSQL_PORT (in that order).  Win32 will
                                   ; only look at MYSQL_PORT.
mysql.default_host           =     ; default host for mysql_connect() (doesn't
                                   ; apply in safe mode)
mysql.default_user           =     ; default user for mysql_connect() (doesn't
                                   ; apply in safe mode)
mysql.default_password       =     ; default password for mysql_connect()
                                   ; (doesn't apply in safe mode)
                                   ; Note that this is generally a *bad* idea to
                                   ; store passwords in this file.  *Any* user
                                   ; with PHP access can run
                                   ; 'echo cfg_get_var("mysql.default_password")'
                                   ; and reveal that password!  And of course,
                                   ; any users with read access to this file
                                   ; will be able to reveal the password as well.

msql.allow_persistent        = On  ; allow or prevent persistent link
msql.max_persistent          = -1  ; maximum number of persistent links. -1
                                   ; means no limit
msql.max_links               = -1  ; maximum number of links (persistent+non
                                   ; persistent).  -1 means no limit

pgsql.allow_persistent       = On  ; allow or prevent persistent link
pgsql.max_persistent         = -1  ; maximum number of persistent links. -1
                                   ; means no limit
pgsql.max_links              = -1  ; maximum number of links (persistent+non
                                   ; persistent).  -1 means no limit



bcmath.scale                 = 0   ; number of decimal digits for all bcmath
                                   ; functions

browscap                     = D:\WINNT\System32\inetsrv\browscap.ini


session.save_handler         = files
                                   ; handler used to store/retrieve data
session.save_path            = E:\InetPub\sessions ; *** MODIFIED from '/tmp' ***
                                   ; argument passed to save_handler
                                   ; in the case of files, this is the
                                   ; path where data files are stored
session.use_cookies          = 1   ; whether to use cookies                 = PHPSESSID
                                   ; name of the session
                                   ; is used as cookie name
session.auto_start           = 0   ; initialize session on request startup
session.lifetime             = 0   ; In docs but not in PHP.INI
session.cookie_lifetime      = 0   ; lifetime in seconds of cookie
                                   ; or if 0, until browser is restarted
session.cookie_path          = /   ; the path the cookie is valid for
session.cookie_domain        =     ; the domain the cookie is valid for
session.serialize_handler    = php ; handler used to serialize data
                                   ; php is the standard serializer of PHP
session.gc_probability       = 1   ; percentual probability that the
                                   ; 'garbage collection' process is started
                                   ; on every session initialization
session.gc_maxlifetime       = 1440
                                   ; after this number of seconds, stored
                                   ; data will be seen as 'garbage' and
                                   ; cleaned up by the gc process
session.referer_check        = 1   ; *** MODIFIED from blank ***
                                   ; check HTTP Referer to invalidate
                                   ; externally stored URLs containing ids
session.entropy_length       = 0   ; how many bytes to read from the file
session.entropy_file         =     ; specified here to create the session id
; session.entropy_length       = 16
; session.entropy_file         = /dev/urandom
session.cache_limiter        = nocache
                                   ; set to {nocache,private,public} to
                                   ; determine HTTP caching aspects
session.cache_expire         = 180 ; document expires after n minutes

;extension                    = php_mssql.dll
mssql.allow_persistent       = On  ; allow or prevent persistent link
mssql.max_persistent         = -1  ; maximum number of persistent links. -1
                                   ; means no limit
mssql.max_links              = -1  ; maximum number of links (persistent+non
                                   ; persistent).  -1 means no limit
mssql.min_error_severity     = 10  ; minimum error severity to display
mssql.min_message_severity   = 10  ; minimum message severity to display
mssql.compatability_mode     = Off ; compatability mode with old versions of
                                   ; PHP 3.0.

;                = On  ; assert(expr); active by default
;assert.warning               = On  ; issue a PHP warning for each failed
                                   ; assertion.
;assert.bail                  = Off ; don't bail out by default.
;assert.callback              = 0   ; user-function to be called if an assertion
                                   ; fails.
;assert.quiet_eval            = 0   ; eval the expression with current
                                   ; error_reporting(). set to true if you want
                                   ; error_reporting(0) around the eval().
; Zend Optimizing compiler added in (Beta 4)
zend_extension_ts="D:\Program Files\Zend\lib\ZendOptimizer.dll"

; Local Variables:
; tab-width: 4
; End:
 [2000-07-11 01:25 UTC] fseesink at usa dot net
And just to head off any questions that may arise, the config is as follows:

D: NTFS partition where
   D:\WINNT located
E: NTFS partition where
   E:\InetPub\wwwroot is the home directory of the website
   E:\InetPub\wwwroot\php\ is where I'm doing my PHP codework
   E:\InetPub\wwwroot\php\sessions is a temp directory where I made those Page#.PHP files to troubleshoot why my scripts weren't working
   E:\InetPub\sessions is the directory where session id files are stored (outside webtree as it should be)

So the error message I received from Page1.PHP make no sense, as the CGI should most definitely NOT be looking at '/tmp' for the session id files, as the error implies.  Why it does is beyond me.

Also, if there is anywhere a more complete explanation of the various items in PHP.INI other than the PHP Manual (which is still lacking in this regard), could someone point it out to me?  Some of the parameter settings are still quite vague and so I've had to leave them as is for the time being.

 [2000-07-11 14:20 UTC] fseesink at usa dot net
More debug info regarding PHP v4.0.1pl2.  I have now tested the errors I have encountered on two different PCs, both running Windows NT Server 4 SP5 with IIS4.  The configs as far as file locations are slightly different:

PC#1 (both D: & E: are NTFS)
D:\WINNT - drive system installed on
E:\InetPub\wwwroot - root of website
E:\InetPub\wwwroot\php - where PHP scripts located
E:\InetPub\wwwroot\php\sessions - where Page1.PHP, Page2.PHP, etc. located
E:\InetPub\sessions - directory where PHP.INI pointed to store session ID files

PC#2 (D: is NTFS)
D:\WINNT - drive system installed on
D:\InetPub\wwwroot - root of website
D:\InetPub\wwwroot\php - where PHP scripts located
D:\InetPub\wwwroot\php\sessions - where Page1.PHP, Page2.PHP, etc. located
D:\InetPub\sessions - directory where PHP.INI pointed to store session ID files

Interestingly enough, on PC#2 the CGI error of "Warning: open(/tmp/sess_f30188520bcdfb68ecd0baf4236475b7, O_RDWR) failed" did not occur.

HOWEVER, one consistent error that I have been able to reproduce on BOTH PCs and that cause the same sequence of errors while using the ISAPI module is the following:

1. Fire up a new browser (to make sure no PHPSESSIDs are set).
2. Load Page1.PHP.  The output of this page does not show a PHPSESSID value as it has been setup but not yet
   transmitted to the client as a cookie.  Checking .\sessions directory shows a sessionid file has indeed been
   created and variable values stored.
3. Click on the Page 2 link to load Page2.PHP.  Now the sessionid created by Page1 is shown and all seems right
    with the world.  Checking .\sessions shows that indeed just one sessionid file exists and $lastaccess updated
    properly in file.
4. Click on the Page 3 link to load Page3.PHP.  Now the madness begins.  No longer showing values for $userid or
    $firstaccess, the page still shows the initial sessionid.  HOWEVER, looking in .\sessions shows that a NEW
    sessionid file has been created (0 bytes).  $lastaccess is updated on the page but not in the sessionid file.
5. Clicking on Page 4 link to load Page4.PHP, we now find the session id shown is that of the 2nd sessionid file
    created. $userid & $firstaccess remain empty, $lastaccess is updated on page but not in a session file, and in
    .\sessions we find yet ANOTHER session id file (0 bytes).
6. Clicking on Page 1 link to return us to Page1.PHP, we now see the session id of the file created when loading
    Page 4, $userid & $firstaccess remain empty, and yet another session id file is created (0 bytes) in .\sessions.
7. Clicking on Page 2 link to load Page2.PHP a second time, interesting thing happens.  Just as the first time around,
    Page2.PHP now shows the sessionid of the file created when loading Page1.PHP (this is the second sessionid
    created by Page1.PHP, mind you, not the original).  $userid & $firstaccess remain empty, but NO NEW SESSION
8. Clicking on Page 3 link to load Page3.PHP, we now see the same session ID that we just saw on Page2.PHP,
    $userid & $firstaccess will remain forever empty, and now once again a new session file (0 bytes) is created in

This pattern repeats itself over and over again.  All the pages except Page2.PHP cause new session id files to be created through each iteration of the loop.  Go figure.

I hope this helps the PHP engine coders out there.  Between this and the various issues I have encountered trying to work with setting cookies & headers, I so far am finding PHP4 to be less than usable.  I've had nothing but frustration attempting to do setcookie(), header() and session_start() in the same file...and no, there's no other output prior to these calls.  The errors do not involve the "header has already been sent" message..  In many cases the cookies simply refuse to be set at all.

Newbies will get quickly frustrated, thinking they do not understand when in fact it is the engine that is failing them.  At least on the IIS side of life.  Yeah yeah, I know, I should use Apache, etc., but right now it's what I'm stuck with.  But being open source and grammatically well-designed, PHP is the only scripting language I will use.

 [2000-07-15 10:02 UTC] fseesink at usa dot net
Quick note:  This same behavior is reproducable in both v4.0.1pl2 and v4.0.1 as I have tested it on both the NT boxes running IIS.

If someone else could create the Page1.php-Page4.php files and see if they get the same result, I would REALLY appreciate it.  I have gotten no feedback whatsoever on this problem, and though I'm pretty convinced this is a bug, it might be helpful to have someone else perform the same test.  Both PCs in question are NT boxes I setup (including following the MS guidelines for security of IIS4), and as such there is the remote possibility I may have done something in the config that has triggered this error, though I can't imagine what.

Thanks much in advance.

 [2000-08-02 01:11 UTC]
At least the ISAPI part is a dup
 [2000-08-30 04:51 UTC] fseesink at usa dot net
Downloaded & installed v4.0.2 (and turned off Zend Optimizer & even rebooted to be sure all was in place) and STILL the problem persists using the Page1.PHP-Page4.PHP example I provided.  I've been watching daily for updates and was so excited & then bummed when the problem continued.

So it now can be found in v4.0.1-v4.0.2.

Hopefully someone can find out what's causing this soon, as all my current project ideas rely on the use of PHP4's session handling capabilities.

Thanks everyone just the same for all the bug fixes you've made so far in v4.0.2.

 [2000-08-30 06:18 UTC]
A quick browse through session.c shows that the correct var is session.cookie_lifetime Ill update the manual.


 [2000-08-30 19:10 UTC] fseesink at usa dot net
Performed more tests.  End result:  The v4.0.2 ISAPI module still suffers from the problem demonstrated by the Page1.PHP-Page4.PHP sample I provided (tested on both PC configurations).

HOWEVER, the CGI version (PHP.EXE v4.0.2) appears to work!!  I have only tested it using PC #2 listed in my post on 2000-07-11 14:20:38.  But I feel confident that things are looking up.

Woo HOO!  Ok, we're definitely headed in the right direction at least.

 [2000-11-08 19:32 UTC]
Does this problem still exist with PHP4.0.3pl1 ?

 [2000-12-07 11:21 UTC]
No feedback.
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Fri Feb 28 12:01:26 2020 UTC