Bug #65475 Session ID is not initialized when session.use_strict_mode=1
Submitted: 2013-08-19 03:17 UTC Modified: 2013-08-20 23:04 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:0 of 1 (0.0%)
From: php at tokumaru dot org Assigned: yohgaki
Status: Closed Package: Session related
PHP Version: 5.5.2 OS: any
Private report: No CVE-ID:
 [2013-08-19 03:17 UTC] php at tokumaru dot org
Description:
------------
In the case of session.use_strict_mode = On, a wrong session cookie is generated.

Test script:
---------------
<?php
  session_start();
  $_SESSION['msg'] = 'hello';
  echo 'session_id: ' . session_id();

Expected result:
----------------
A valid session cookie is generated.


Actual result:
--------------
A wrong session cookie is generated.

The HTTP Response (Summary):

HTTP/1.1 200 OK
Set-Cookie: PHPSESSID=de3vsil36bfs3829rhnspq0oo7; path=/
Content-Length: 38
Content-Type: text/html

session_id: ocjalnfd088dd90eppb1hr14h3


The Session File:

$ sudo cat /tmp/sess_ocjalnfd088dd90eppb1hr14h3
msg|s:5:"hello";
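
An added example, not part of the original report or of PHP itself: a black-box consistency check for the symptom shown above, comparing the session ID in Set-Cookie with the ID the test script echoes and with the files the save handler wrote. The function names are hypothetical, and the sample input is constructed from the response summary and session file path quoted in the report.

```python
import re

# Constructed from the response summary and session file path quoted in the report.
RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: PHPSESSID=de3vsil36bfs3829rhnspq0oo7; path=/\r\n"
    "Content-Length: 38\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "session_id: ocjalnfd088dd90eppb1hr14h3"
)
SESSION_FILES = ["/tmp/sess_ocjalnfd088dd90eppb1hr14h3"]


def cookie_session_ids(raw_response, name="PHPSESSID"):
    """Return every value set for the session cookie in the response headers."""
    head, _, _ = raw_response.partition("\r\n\r\n")
    ids = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        field, _, value = line.partition(":")
        if field.strip().lower() != "set-cookie":
            continue
        pair = value.split(";", 1)[0].strip()  # drop cookie attributes
        key, _, val = pair.partition("=")
        if key == name:
            ids.append(val)
    return ids


def check_session_consistency(raw_response, session_files, name="PHPSESSID"):
    """Compare the cookie ID with the echoed session_id() and the sess_ files."""
    _, _, body = raw_response.partition("\r\n\r\n")
    m = re.search(r"session_id: (\S+)", body)
    reported = m.group(1) if m else None
    stored = {p.rsplit("/sess_", 1)[1] for p in session_files if "/sess_" in p}
    problems = []
    for sid in cookie_session_ids(raw_response, name):
        if reported is not None and sid != reported:
            problems.append(f"cookie {sid} != session_id() {reported}")
        if sid not in stored:
            problems.append(f"cookie {sid} has no sess_ file")
    return problems


if __name__ == "__main__":
    for problem in check_session_consistency(RESPONSE, SESSION_FILES):
        print("MISMATCH:", problem)
```
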

 [2013-08-20 00:54 UTC] william dot a dot bartlett at gmail dot com
Could not reproduce using Fedora 19 PHP 5.5.1 - possible regression.
 [2013-08-20 20:17 UTC] yohgaki@php.net
-Assigned To: +Assigned To: yohgaki
 [2013-08-20 20:53 UTC] yohgaki@php.net
It is passing uninitialized PS(id). I'll look into what's wrong.
 [2013-08-20 21:49 UTC] yohgaki@php.net
Fix for the files save handler. I'll prepare a fix for other save handlers, if there is a
problem, before 5.5.3 if it's possible.

diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c
index e5733b4..004d9d4 100644
--- a/ext/session/mod_files.c
+++ b/ext/session/mod_files.c
@@ -338,13 +338,13 @@ PS_READ_FUNC(files)
                if (!PS(id)) {
                        return FAILURE;
                }
-               php_session_reset_id(TSRMLS_C);
                if (PS(use_cookies)) {
                        PS(send_cookie) = 1;
                }
+               php_session_reset_id(TSRMLS_C);
        }
 
-       ps_files_open(data, key TSRMLS_CC);
+       ps_files_open(data, PS(id) TSRMLS_CC);
        if (data->fd < 0) {
                return FAILURE;
        }
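Review bot: The ps_files_open() call at the end of this hunk now ignores the read handler's key argument without saying why; add a comment there that PS(id) can differ from key after the block above, otherwise a later cleanup could switch it back to key. The move of php_session_reset_id(TSRMLS_C) to after the PS(send_cookie) = 1 assignment is order-dependent too and should carry a one-line comment saying so. The patch touches only mod_files.c and carries no test; a regression test that runs with session.use_strict_mode=1 and checks that the ID in Set-Cookie equals session_id() would cover the reported symptom.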
 [2013-08-20 23:04 UTC] yohgaki@php.net
-Summary: wrong session cookie is generated on session.use_strict_mode +Summary: Session ID is not initialized when session.usr_strict_mode=1 -Operating System: Ubuntu +Operating System: any
 [2013-08-20 23:14 UTC] yohgaki@php.net
Automatic comment on behalf of yohgaki
Revision: http://git.php.net/?p=php-src.git;a=commit;h=16411586449c7562b840d6226f6ef55f567c35f3
Log: Fixed Bug #65475
 [2013-08-20 23:14 UTC] yohgaki@php.net
-Status: Assigned +Status: Closed
 [2013-08-20 23:14 UTC] yohgaki@php.net
Automatic comment on behalf of yohgaki
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d2a99a7c315beba3fcecd5c4a47d6ce1d1a78283
Log: Fixed Bug #65475
 [2013-08-21 02:07 UTC] yohgaki@php.net
Automatic comment on behalf of yohgaki
Revision: http://git.php.net/?p=php-src.git;a=commit;h=16411586449c7562b840d6226f6ef55f567c35f3
Log: Fixed Bug #65475
 [2013-11-17 09:30 UTC] laruence@php.net
Automatic comment on behalf of yohgaki
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d2a99a7c315beba3fcecd5c4a47d6ce1d1a78283
Log: Fixed Bug #65475
 [2013-11-17 09:30 UTC] laruence@php.net
Automatic comment on behalf of yohgaki
Revision: http://git.php.net/?p=php-src.git;a=commit;h=16411586449c7562b840d6226f6ef55f567c35f3
Log: Fixed Bug #65475
 
Last updated: Thu Apr 24 21:01:55 2014 UTC