php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #62116 session expiration always use timestamps
Submitted: 2012-05-23 06:56 UTC Modified: 2021-06-09 11:31 UTC
Votes:3
Avg. Score:2.7 ± 0.9
Reproduced:3 of 3 (100.0%)
Same Version:3 (100.0%)
Same OS:0 (0.0%)
From: pcdwarf at pcdwarf dot net Assigned: cmb (profile)
Status: Closed Package: memcached (PECL)
PHP Version: 5.3.3 OS: any
Private report: No CVE-ID: None
View Developer Edit
 [2012-05-23 06:56 UTC] pcdwarf at pcdwarf dot net 
Description:
------------
The session system always specify expiration by timestamp.
This is ok but it can lead to premature session expiration if the web server and the memcache server do not share the same clock and are out of sync.
I suggest to switch to relative mode and only use absolute mode when session.gc_maxlifetime is greater than 30 days.

see https://github.com/memcached/memcached/blob/master/doc/protocol.txt







Test script:
---------------
file php_memcached.c : line 2526

    if (sess_lifetime > 0) {
        expiration = time(NULL) + sess_lifetime;
    } else {
        expiration = 0;
    }

can be

    if (sess_lifetime > 0) {
        expiration = sess_lifetime;
        if (sess_lifetime >= 2592000) expiration += time(NULL);
    } else {
        expiration = 0;
    }

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-05-23 07:01 UTC] pcdwarf at pcdwarf dot net
-PHP Version: 5.4.3 +PHP Version: 5.3.3
 [2012-05-23 07:01 UTC] pcdwarf at pcdwarf dot net 
oops; ths is for php 5.3.
I didn't checked the same bug exists for 5.4
 [2021-06-09 11:31 UTC] cmb@php.net 
The memcached bug tracker is now on Github[1].  If this is still
an issue with the current memcached version, please report there.

[1] <https://github.com/php-memcached-dev/php-memcached/issues>
 [2021-06-09 11:31 UTC] cmb@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: cmb
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Dec 26 12:01:30 2024 UTC