PHP :: Bug #71962 :: session_start returns true after timeout, corrupts session data

Bug #71962

session_start returns true after timeout, corrupts session data

Submitted:

2016-04-04 21:52 UTC

Modified:

2018-11-18 22:30 UTC

Votes:	19
Avg. Score:	4.4 ± 0.9
Reproduced:	17 of 18 (94.4%)
Same Version:	5 (29.4%)
Same OS:	3 (17.6%)

From:

woolardfa at appstate dot edu

Assigned:

dmitry (profile)

Status:

No Feedback

Package:

memcached (PECL)

PHP Version:

5.6.20

OS:

OpenSuSE

Private report:

CVE-ID:

None

View Developer Edit

[2016-04-04 21:52 UTC] woolardfa at appstate dot edu

Description:
------------
When configured to use memcached for a session store, session_start returns true when the session lock key was already present (from a previous, long-running page request), and exhausts the retry attempts. An empty $_SESSION super global is created. When in the second page request (e.g. an AJAX call via xhr) finished and calls session_write_close() it then steps on the existing serialized data in memcached, corrupting the session state for the first, and still running page request.

The php-memcached code (php_memcached_session.c, line 85) returns a failure code to PHP session management, but it is being ignored.


Test script:
---------------
Can simulate by adding a key lock value to memcached (via telnet) before a call to session_start.

Expected result:
----------------
session_start to return false

Actual result:
--------------
session_start returns true

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2016-08-27 06:43 UTC] yohgaki@php.net

-Package: Session related +Package: memcached

[2018-07-30 11:36 UTC] dmitry@php.net

-Status: Open +Status: Feedback -Assigned To: +Assigned To: dmitry

[2018-07-30 11:36 UTC] dmitry@php.net

The report doesn't specify where the s_open() handler failure was ignored.
Now, I can just guess about the reason.

Does the AJAX request perform file upload?
Can you verify, if setting session.upload_progress.enabled=0 in php.ini would fix the problem?

[2018-11-18 22:30 UTC] cmb@php.net

-Status: Feedback +Status: No Feedback

[2018-11-18 22:30 UTC] cmb@php.net

No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Tue Mar 11 11:01:31 2025 UTC