PHP :: Bug #71187 :: session_regenerate_id(): Failed to create(read) session

Bug #71187

session_regenerate_id(): Failed to create(read) session

Submitted:

2015-12-21 20:39 UTC

Modified:

2016-01-15 21:26 UTC

Votes:	17
Avg. Score:	4.6 ± 0.6
Reproduced:	17 of 17 (100.0%)
Same Version:	13 (76.5%)
Same OS:	4 (23.5%)

From:

akauffman at ne4u dot com

Assigned:

yohgaki (profile)

Status:

Closed

Package:

Session related

PHP Version:

7.0.1

OS:

Ubuntu 14.04 LTS

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	akauffman at ne4u dot com
New email:
PHP Version:		OS:

New Comment:

[2015-12-21 20:39 UTC] akauffman at ne4u dot com

Description:
------------
There seems to be a type casting problem with custom session handlers (specifically the memcached module) when session_regenerate_id() is called.  Perhaps related to a null return value.  It looks like it was introduced around 7RC3.

Error:
PHP message: PHP Catchable fatal error:  session_regenerate_id(): Failed to create(read) session ID: user

Test script:
---------------
Problem:
<?php
set_ini('session.save_handler','memcached');
set_ini('session.save_path','host1:11211');

session_start();
$_SESSION['value'] = session_id();
session_regenerate_id();
?>

Work around:
<?php
set_ini('session.save_handler','memcached');
set_ini('session.save_path','host1:11211');

class MemcachedSession extends SessionHandler
{
        public function read($session_id) {
                return (string)parent::read($session_id);
        }
}

$sess = new MemcachedSession();
session_set_save_handler($sess, true);

session_start();
$_SESSION['value'] = session_id();
session_regenerate_id();
?>

Expected result:
----------------
Shouldn't have to implement a workaround.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2015-12-22 04:30 UTC] laruence@php.net

-Assigned To: +Assigned To: yohgaki

[2015-12-22 05:08 UTC] yohgaki@php.net

When I ported the save handler, I think I made sure it returns string always for successful cases. I'll have a look shortly.

@akauffman, could you give info where did you get the memeached module source code? Just making sure to get the same code.

[2015-12-22 14:22 UTC] coldfff at gmail dot com

In case its any easier for testing, this bug is affecting me too using the Cache Savehandler from ZF2.

The workaround as suggested can also be applied there:
<?php

use Zend\Session\SaveHandler\Cache as ZendCache;

class Cache extends ZendCache
{
    public function read($id)
    {
        return (string) parent::read($id);
    }
}

[2015-12-22 15:22 UTC] akauffman at ne4u dot com

Memcache with php7:


$ git clone https://github.com/php-memcached-dev/php-memcached
$ cd php-memcached
$ git checkout -b php7 origin/php7

$ /usr/local/php7/bin/phpize
$ ./configure --with-php-config=/usr/local/php7/bin/php-config
$ make
$ sudo make install


modules.ini
# Memcached
extension=memcached.so

[2015-12-24 15:04 UTC] ivun at wirebyte dot com

Hello!

We are having exactly the same problem. In addition, this seems to be a major problem, because the memcache (alternative to memcached) driver is not available any more and this bugs prevents from upgrading to PHP7. Looking forward for the fix!

[2016-01-06 12:31 UTC] andrew dot mcgrath at fasttrackit dot com dot au

I'm experiencing this issue too, but I wanted to confirm that the work around described in the bug report seems to function as a reasonable work around.

[2016-01-15 21:26 UTC] yohgaki@php.net

-Status: Assigned +Status: Closed

[2016-01-15 21:26 UTC] yohgaki@php.net

Please note that

 - PHP 7.0 and up does not allow buggy return values from user save handler.
user read handler MUST return "string" data for success always.
 - Native save handler must return SUCCESS for successful cases including non-existing session data. 
 - FALSE/failure means "Something wrong in read" such as permission/network/etc errors.


Checked memcached code and it needs this patch.

@@ -326,6 +326,8 @@ PS_READ_FUNC(memcached)
 		*val = zend_string_init(payload, payload_len, 1);
 		free(payload);
 		return SUCCESS;
+	} else if (status = MEMCACHED_NOTFOUND) {
+		*val = ZSTR_EMPTY_ALLOC();
 	} else {
 		return FAILURE;
 	}

I made PR including new session features.
https://github.com/php-memcached-dev/php-memcached/pull/164

Since this is not PHP session module bug, closed.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Apr 25 03:01:29 2024 UTC