php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #71187 session_regenerate_id(): Failed to create(read) session
Submitted: 2015-12-21 20:39 UTC Modified: 2016-01-15 21:26 UTC
Votes:17
Avg. Score:4.6 ± 0.6
Reproduced:17 of 17 (100.0%)
Same Version:13 (76.5%)
Same OS:4 (23.5%)
From: akauffman at ne4u dot com Assigned: yohgaki (profile)
Status: Closed Package: Session related
PHP Version: 7.0.1 OS: Ubuntu 14.04 LTS
Private report: No CVE-ID: None
 [2015-12-21 20:39 UTC] akauffman at ne4u dot com
Description:
------------
There seems to be a type casting problem with custom session handlers (specifically the memcached module) when session_regenerate_id() is called.  Perhaps related to a null return value.  It looks like it was introduced around 7RC3.

Error:
PHP message: PHP Catchable fatal error:  session_regenerate_id(): Failed to create(read) session ID: user

Test script:
---------------
Problem:
<?php
set_ini('session.save_handler','memcached');
set_ini('session.save_path','host1:11211');

session_start();
$_SESSION['value'] = session_id();
session_regenerate_id();
?>

Work around:
<?php
set_ini('session.save_handler','memcached');
set_ini('session.save_path','host1:11211');

class MemcachedSession extends SessionHandler
{
        public function read($session_id) {
                return (string)parent::read($session_id);
        }
}

$sess = new MemcachedSession();
session_set_save_handler($sess, true);

session_start();
$_SESSION['value'] = session_id();
session_regenerate_id();
?>

Expected result:
----------------
Shouldn't have to implement a workaround.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-12-22 04:30 UTC] laruence@php.net
-Assigned To: +Assigned To: yohgaki
 [2015-12-22 05:08 UTC] yohgaki@php.net
When I ported the save handler, I think I made sure it returns string always for successful cases. I'll have a look shortly.

@akauffman, could you give info where did you get the memeached module source code? Just making sure to get the same code.
 [2015-12-22 14:22 UTC] coldfff at gmail dot com
In case its any easier for testing, this bug is affecting me too using the Cache Savehandler from ZF2.

The workaround as suggested can also be applied there:
<?php

use Zend\Session\SaveHandler\Cache as ZendCache;

class Cache extends ZendCache
{
    public function read($id)
    {
        return (string) parent::read($id);
    }
}
 [2015-12-22 15:22 UTC] akauffman at ne4u dot com
Memcache with php7:


$ git clone https://github.com/php-memcached-dev/php-memcached
$ cd php-memcached
$ git checkout -b php7 origin/php7

$ /usr/local/php7/bin/phpize
$ ./configure --with-php-config=/usr/local/php7/bin/php-config
$ make
$ sudo make install


modules.ini
# Memcached
extension=memcached.so
 [2015-12-24 15:04 UTC] ivun at wirebyte dot com
Hello!

We are having exactly the same problem. In addition, this seems to be a major problem, because the memcache (alternative to memcached) driver is not available any more and this bugs prevents from upgrading to PHP7. Looking forward for the fix!
 [2016-01-06 12:31 UTC] andrew dot mcgrath at fasttrackit dot com dot au
I'm experiencing this issue too, but I wanted to confirm that the work around described in the bug report seems to function as a reasonable work around.
 [2016-01-15 21:26 UTC] yohgaki@php.net
-Status: Assigned +Status: Closed
 [2016-01-15 21:26 UTC] yohgaki@php.net
Please note that

 - PHP 7.0 and up does not allow buggy return values from user save handler.
user read handler MUST return "string" data for success always.
 - Native save handler must return SUCCESS for successful cases including non-existing session data. 
 - FALSE/failure means "Something wrong in read" such as permission/network/etc errors.


Checked memcached code and it needs this patch.

@@ -326,6 +326,8 @@ PS_READ_FUNC(memcached)
 		*val = zend_string_init(payload, payload_len, 1);
 		free(payload);
 		return SUCCESS;
+	} else if (status = MEMCACHED_NOTFOUND) {
+		*val = ZSTR_EMPTY_ALLOC();
 	} else {
 		return FAILURE;
 	}

I made PR including new session features.
https://github.com/php-memcached-dev/php-memcached/pull/164

Since this is not PHP session module bug, closed.
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sun Sep 15 05:01:26 2019 UTC