php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #62116 session expiration always use timestamps
Submitted: 2012-05-23 06:56 UTC Modified: 2012-05-23 07:01 UTC
Votes:3
Avg. Score:2.7 ± 0.9
Reproduced:3 of 3 (100.0%)
Same Version:3 (100.0%)
Same OS:0 (0.0%)
From: pcdwarf at pcdwarf dot net Assigned:
Status: Open Package: memcached (PECL)
PHP Version: 5.3.3 OS: any
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2012-05-23 06:56 UTC] pcdwarf at pcdwarf dot net
Description:
------------
The session system always specify expiration by timestamp.
This is ok but it can lead to premature session expiration if the web server and the memcache server do not share the same clock and are out of sync.
I suggest to switch to relative mode and only use absolute mode when session.gc_maxlifetime is greater than 30 days.

see https://github.com/memcached/memcached/blob/master/doc/protocol.txt







Test script:
---------------
file php_memcached.c : line 2526

    if (sess_lifetime > 0) {
        expiration = time(NULL) + sess_lifetime;
    } else {
        expiration = 0;
    }

can be

    if (sess_lifetime > 0) {
        expiration = sess_lifetime;
        if (sess_lifetime >= 2592000) expiration += time(NULL);
    } else {
        expiration = 0;
    }



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-05-23 07:01 UTC] pcdwarf at pcdwarf dot net
-PHP Version: 5.4.3 +PHP Version: 5.3.3
 [2012-05-23 07:01 UTC] pcdwarf at pcdwarf dot net
oops; ths is for php 5.3.
I didn't checked the same bug exists for 5.4
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Tue Apr 23 00:01:25 2019 UTC