php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Doc Bug #63278 Session locking is not described at all
Submitted: 2012-10-14 19:41 UTC Modified: 2013-01-16 19:26 UTC
From: sven at rtbg dot de Assigned:
Status: Duplicate Package: Session related
PHP Version: Irrelevant OS: any
Private report: No CVE-ID: None
 [2012-10-14 19:41 UTC] sven at rtbg dot de
Description:
------------
---
From manual page: http://www.php.net/function.session-set-save-handler
---
Session locking is not described at all. The callbacks for "open" and "close" must aquire a write lock on the ressource that stores the session data. If this is not done, race conditions will destroy the data.

The internal files handler gets it right.

The Example #2, which reimplements this handler, gets it wrong!

I don't know about any other internal save handler, like sqlite or memcached.

This one is a duplicate of Bug #55624, but with better explanation and more code. :)

Test script:
---------------
Please see http://pastebin.com/EbqigxmY



Expected result:
----------------
When running the script from http://pastebin.com/EbqigxmY the expected behaviour is that all three iframes get filled one after another, with 1 second break between each.

The last response should list all three subrequests and the master request in the var_dump().

Actual result:
--------------
Using the example #2 code, all iframes get filled after 1 second, and all of them only report the master request and its own subrequest in the dump.


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-01-16 19:26 UTC] googleguy@php.net
Dup bug #55624
 [2013-01-16 19:26 UTC] googleguy@php.net
-Status: Open +Status: Duplicate
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Nov 24 04:01:32 2024 UTC