PHP :: Bug #65795 :: session_start() returns TRUE if session fails to start

Bug #65795

session_start() returns TRUE if session fails to start

Submitted:

2013-10-01 07:32 UTC

Modified:

2021-06-09 11:53 UTC

Votes:	2
Avg. Score:	4.0 ± 1.0
Reproduced:	1 of 1 (100.0%)
Same Version:	0 (0.0%)
Same OS:	0 (0.0%)

From:

interrobang at noicq dot org

Assigned:

cmb (profile)

Status:

Closed

Package:

memcached (PECL)

PHP Version:

Irrelevant

OS:

Debian Squeeze

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	interrobang at noicq dot org
New email:
PHP Version:		OS:

New/Additional Comment:

[2013-10-01 07:32 UTC] interrobang at noicq dot org

Description:
------------
session_start(); returns TRUE if PHP configured to use mamcached instead of session files and memcached is down/not reachable.

Package php5-cgi:
PHP 5.3.3-7+squeeze17

Package memcached:
Version: 1.4.5-1

Package php5-memcached:
Version: 1.0.2-1+squeeze2

PHP config:
session.save_handler = memcached
session.save_path = "localhost:11211"

Test script:
---------------
$r = session_start();var_dump($r);die();

Expected result:
----------------
bool(false)
Warning: Unknown: Failed to write session data (memcached). Please verify that the current setting of session.save_path is correct (localhost:11211) in Unknown on line 0

Actual result:
--------------
bool(true)
Warning: Unknown: Failed to write session data (memcached). Please verify that the current setting of session.save_path is correct (localhost:11211) in Unknown on line 0

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2013-10-01 17:39 UTC] aharvey@php.net

-Package: *General Issues +Package: memcached

[2016-04-04 21:20 UTC] woolardfa at appstate dot edu

additionally, the when configured to used memcached for a session store, the session_start() method will return true when the attempt to add the "lock" value has timed out due to collision (retries are exhausted), and return an empty $_SESSION superglobal. When session_write_close() is called, the second page request then clobbers the session data that was present and being used by the first page request.

[2021-06-09 11:53 UTC] cmb@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: cmb

[2021-06-09 11:53 UTC] cmb@php.net

The memcached bug tracker is now on Github[1].  If this is still
an issue with the current memcached version, please report there.

[1] <https://github.com/php-memcached-dev/php-memcached/issues>

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Apr 20 15:01:29 2024 UTC