php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #70871 session_regenerate_id(): Failed to create session ID: user (path: )
Submitted: 2015-11-06 11:36 UTC Modified: 2015-11-13 21:51 UTC
Votes:5
Avg. Score:4.0 ± 0.9
Reproduced:3 of 3 (100.0%)
Same Version:2 (66.7%)
Same OS:1 (33.3%)
From: jacky at xsteach dot com Assigned: yohgaki
Status: Closed Package: Session related
PHP Version: 7.0.0RC6 OS: mac os x
Private report: No CVE-ID:
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: jacky at xsteach dot com
New email:
PHP Version: OS:

 

 [2015-11-06 11:36 UTC] jacky at xsteach dot com
Description:
------------
before php7RC3,the test script is working well,but a warning is throw after php7RC2.

Test script:
---------------
session_start();
session_destroy();
session_regenerate_id(true);

Expected result:
----------------
output nothing

Actual result:
--------------
Warning: session_regenerate_id(): Cannot regenerate session id

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-11-06 14:42 UTC] laruence@php.net
-Assigned To: +Assigned To: yohgaki
 [2015-11-06 14:42 UTC] laruence@php.net
this should be a intentional change, https://github.com/php/php-src/commit/e93042998af1fea9204e17bc5cdd13c702156d5b

@yohgaki ?
 [2015-11-08 07:24 UTC] bellosthomas at gmail dot com
Similar problem here
I have a custom session handler storing session in memcache
However, when I invoke session_regenerate_id(true), I get a fatal error
Catchable fatal error: session_regenerate_id(): Failed to create session ID: user
 [2015-11-10 01:55 UTC] yohgaki@php.net
@laruence

Yes. Session becames inactive by calling session_destroy(). Therefore, session_regenerate_id() complains about bogus call as it requires active session to be useful.
 [2015-11-10 18:10 UTC] narf at devilix dot net
With a custom session handler, it also spits out the same error message *immediately after* a session_start() call - at that point, the session is not inactive.

Also, this is a breaking change and should not happen at the RC stage.
 [2015-11-12 02:19 UTC] yohgaki@php.net
@narf

session_start() should never raise error like

Warning: session_regenerate_id(): Cannot regenerate session id - session is not active in - on line 4

If you think it's not your save handler's problem, please file a new bug report with your save handler code. 

Recent (5.6 and up, IIRC) has stricter specification for save handlers. Refer to 
https://bugs.php.net/bug.php?id=70520
even example save handler in the manual was wrong.
 [2015-11-12 18:00 UTC] narf at devilix dot net
@yasuo

I didn't say that session_start() issues that message.

What I'm saying is that calling session_regenerate_id() *immediately after* session_start(), would issue this:

session_regenerate_id(): Failed to create session ID: user (path: <value of session.save_path>)

And I'm kind of proxy-ing a bug report that was submitted to me here: https://github.com/bcit-ci/CodeIgniter/issues/4230
 [2015-11-13 00:39 UTC] yohgaki@php.net
@narf

OK. Could tell me where I can look at the save handler code?
 [2015-11-13 00:44 UTC] yohgaki@php.net
@narf

Is this the save handler?

https://github.com/bcit-ci/CodeIgniter/blob/develop/system/libraries/Session/drivers/Session_redis_driver.php#L162

I haven't looked into detail and don't understand the handler fully, but this function may be the cause of bug. 

Returning FALSE on read will raise the error.
 [2015-11-13 01:20 UTC] yohgaki@php.net
Oops, you are getting other kind of error.

session_regenerate_id(): Failed to create session ID: user (path: <value of session.save_path>)

This error is raised by multiple reasons. The error messages are better to modify so that users can distinguish the cause. Anyway, it may be raised if

 - new session ID creation is failed. (Very unlikely)
 - opening save handler is failed.
 - session ID collision is detected and failed. (Very unlikely)
 - session read with new session ID is failed.

I'll modify error messages to distinguish the cause of your problem.
 [2015-11-13 05:23 UTC] bellosthomas at gmail dot com
I was also getting a fatal error (check comment above), with a custom session handler. After yohgaki's comment about the return value of the read() method, which needs to return a string, I checked my session handler and I saw I was returning boolean false in some cases. Casting the return value to string, solved it.
 [2015-11-13 10:18 UTC] narf at devilix dot net
@yasuo

Yep, that's the session handler in question.
I guess I'll have to wait for your error messages patch ...
 [2015-11-13 11:42 UTC] ab@php.net
Please check this error log records:

[Fri Nov 13 01:59:48.334695 2015] [:error] [pid 22639] [client x.x.x.x:10706] PHP Warning:  session_start(): open(/var/lib/php/sessions/sess_ngds5c5qpok0jm3lcjvmtslqh7, O_RDWR) failed: Permission denied (13) in /some/path/to/file.php on line 16
[Fri Nov 13 01:59:48.334860 2015] [:error] [pid 22639] [client x.x.x.x:10706] PHP Warning:  session_regenerate_id(): open(/var/lib/php/sessions/sess_mfmb9rq8qoofsbcigs8ckdhsa4, O_RDWR) failed: Permission denied (13) in /some/path/to/file.php on line 23
[Fri Nov 13 01:59:48.334883 2015] [:error] [pid 22639] [client x.x.x.x:10706] PHP Catchable fatal error:  session_regenerate_id(): Failed to create session ID: files (path: /var/lib/php/sessions) in /some/path/to/file.php on line 23
[Fri Nov 13 01:59:49.738997 2015] [:error] [pid 22638] [client x.x.x.x:10707] PHP Warning:  session_start(): open(/var/lib/php/sessions/sess_ngds5c5qpok0jm3lcjvmtslqh7, O_RDWR) failed: Permission denied (13) in /some/path/to/file.php on line 16
[Fri Nov 13 01:59:49.739178 2015] [:error] [pid 22638] [client x.x.x.x:10707] PHP Warning:  session_regenerate_id(): open(/var/lib/php/sessions/sess_u9aqmuc73nub1g09vkisojjk11, O_RDWR) failed: Permission denied (13) in /some/path/to/file.php on line 23
[Fri Nov 13 01:59:49.739198 2015] [:error] [pid 22638] [client x.x.x.x:10707] PHP Catchable fatal error:  session_regenerate_id(): Failed to create session ID: files (path: /var/lib/php/sessions) in /some/path/to/file.php on line 23
[Fri Nov 13 01:59:50.534468 2015] [:error] [pid 22637] [client x.x.x.x:10710] PHP Warning:  session_start(): open(/var/lib/php/sessions/sess_ngds5c5qpok0jm3lcjvmtslqh7, O_RDWR) failed: Permission denied (13) in /some/path/to/file.php on line 16
[Fri Nov 13 01:59:50.534644 2015] [:error] [pid 22637] [client x.x.x.x:10710] PHP Warning:  session_regenerate_id(): open(/var/lib/php/sessions/sess_aparjtipjng2nnn8sdm8q9drn4, O_RDWR) failed: Permission denied (13) in /some/path/to/file.php on line 23
[Fri Nov 13 01:59:50.534663 2015] [:error] [pid 22637] [client x.x.x.x:10710] PHP Catchable fatal error:  session_regenerate_id(): Failed to create session ID: files (path: /var/lib/php/sessions) in /some/path/to/file.php on line 23

So in my case, I can reproduce it making /var/lib/php/sessions/ not writable to PHP process. This can explain the warning in session_regenerate_id() immediately after session_start() - namely session_start() is failed.

 Now, the original case of session_destroy()+session_regenerate_id() looks like logic. Same as before - no session, no regenerate id. But with a custom session handler, it can be much trickier to figure out, depends on its error reporting. All in all, it still doesn't look. Could we please take a look at the error logs for such cases (possibly with max enabled error reporting)?

In general yes, some finer grained error messages can help on the user side.

Thanks.
 [2015-11-13 21:50 UTC] yohgaki@php.net
I've committed error message patch. Latest code will produce distinguishable error messages. Anyway, original bug report is not a bug. I close this one. If you find any new issue, please open new or use appropriate bug report.
 [2015-11-13 21:51 UTC] yohgaki@php.net
-Status: Assigned +Status: Closed
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Thu Mar 23 20:01:40 2017 UTC