|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #5887 Difficulty with session handlers
Submitted: 2000-08-01 06:00 UTC Modified: 2000-08-02 19:53 UTC
From: michael at michaelsmacshack dot com Assigned:
Status: Closed Package: Session related
PHP Version: 4.0.1pl2 OS: Caldera - 2.3
Private report: No CVE-ID: None
 [2000-08-01 06:00 UTC] michael at michaelsmacshack dot com
First I have read the documentation both on this site and at ZEND.<br>
The test case was taken from the artical "PHP4 Customer Session <br>
Handler Test Script" by Ying Zhang ( at the<br>
HTTP:// site.<br>
This is a complex issue.  It would be reasonable to expect PHP4 to<br>
behave according to what is set in PHP.ini as a default....  <br>
The following are my results using PHP4.0.1pl2.<br>
1) With 'session.save_handler' not defined (commented out):<br>
    The online documentation for the session_module_name states that <br>
    the 'module' can be set in the call:<br>
          "session_module_name() returns the name of the current <br>
           session module. If module is specified, that module <br>
           will be used instead."<br>
    Any attempt to do so results in an error regardless of whether<br>
    or not any handler has been defined by the user:<br>
        Fatal error: Failed to initialize session module in <br>
        .../handler/test.php on line 38   <br>
        This occurs at the session_start() call.<br>
    Not setting a 'module' will return the current handler.  With<br>
    nothing defined in PHP.ini, a value of 'files' is returned.<br>
    If you define your 'user' handlers and call 'session_set_save_handler'<br>
    before the 'session_module_name' call, a value of user is returned.<br>
    However, any variables registered in this session Do Not maintain<br>
    their value.  It is like the handlers are accepted, but are not used.<br>
    Thus, not having 'session.save_handler' defined in PHP.ini does not<br>
    help.  However, the 'files' modules does work (e.g. no defined user<br>
    handlers) in this situation.<br>
2)  If we define 'session.save_handler' in PHP.ini with a value of 'files',<br>
    then the same results as above occur.<br>
    Thus in this case, we have explicitly defined the handler as file and<br>
    the only thing that works is the 'files' module.<br>
3)  If we define the 'session.save_handler' in PHP.ini with a value of<br>
    'user', then things change to the opposite.  You must define an <br>
    user handler.  If you do not, registered variables are not retained.<br>
    Thus the 'user' module dos work in this case and the variables are<br>
    passed from invocation to invocation.<br>
This leaves us with the following:<br>
    a.  One handler method can be defined at a time.  And only one.<br>
    b.  There is a very tight coupling between the PHP.ini file and<br>
        what can be done by the programmer.<br>
Conclusions.  You can get a 'user' handler defined to track the session<br>
data in a database.  But, it must be only one way for all applications.<br>
(It could be different databases for different applications however.)<br>
It would seem that this is wrong.  It should be reasonable to define one<br>
behavior for one application and another for others.<br>
I hope this has help to clear up a few questions.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2000-08-01 08:59 UTC]
Please check latest CVS, it should be fixed there
 [2000-08-02 19:36 UTC] michael at michaelsmacshack dot com
I see that you ask to check the latest cvs.  I pulled the
code for mod_files.h/c and php_session.h/c.  Recompiled
PHP4 pl2l with these changes.

It still has problems.  Use of session_module_name(user)
for example appears to set the handlers to'user', but the
value returned is files.  If a subsequent call is make
as session_module_name(); the current state ('user') is 
returned.  So it look like we're trying to set the correct
state, but not returning the "changed" state.

The above is minor.

It also appears that the session_module_name call *must*
occur before the setup of the "user" handlers.  Otherwize
we get an error with the session_start call complainingabout not being able to initialize the session. (see original report).

If session_module_name(files) is made and there are no
user handlers, all is well as would be expected.

if session_module_name(user) is made with user hadlers
then defined, things are not well.  No errors are reported,
but registered varriables are not retained.

The above is with no session.save_handler set in PHP.ini.

Again, if session.save_handler is set for either files or
user, that respective mode works but not the other.

Is there some other file(s) that I should have also included?
Am I doing the correct steps? e.g. session_module_name
followed by setting up the handlers....
 [2000-08-02 19:53 UTC]
Yes, we are talking about other files. Especially about main.c IIRC. Please use a snapshot:

Simply downloading one file might not work, because it might contain changes which depend on changes in other files.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Jun 14 10:01:35 2024 UTC