php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #71962 session_start returns true after timeout, corrupts session data
Submitted: 2016-04-04 21:52 UTC Modified: 2018-11-18 22:30 UTC
Votes:15
Avg. Score:4.4 ± 0.9
Reproduced:13 of 14 (92.9%)
Same Version:5 (38.5%)
Same OS:3 (23.1%)
From: woolardfa at appstate dot edu Assigned: dmitry (profile)
Status: No Feedback Package: memcached (PECL)
PHP Version: 5.6.20 OS: OpenSuSE
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2016-04-04 21:52 UTC] woolardfa at appstate dot edu
Description:
------------
When configured to use memcached for a session store, session_start returns true when the session lock key was already present (from a previous, long-running page request), and exhausts the retry attempts. An empty $_SESSION super global is created. When in the second page request (e.g. an AJAX call via xhr) finished and calls session_write_close() it then steps on the existing serialized data in memcached, corrupting the session state for the first, and still running page request.

The php-memcached code (php_memcached_session.c, line 85) returns a failure code to PHP session management, but it is being ignored.


Test script:
---------------
Can simulate by adding a key lock value to memcached (via telnet) before a call to session_start.

Expected result:
----------------
session_start to return false

Actual result:
--------------
session_start returns true

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-08-27 06:43 UTC] yohgaki@php.net
-Package: Session related +Package: memcached
 [2018-07-30 11:36 UTC] dmitry@php.net
-Status: Open +Status: Feedback -Assigned To: +Assigned To: dmitry
 [2018-07-30 11:36 UTC] dmitry@php.net
The report doesn't specify where the s_open() handler failure was ignored.
Now, I can just guess about the reason.

Does the AJAX request perform file upload?
Can you verify, if setting session.upload_progress.enabled=0 in php.ini would fix the problem?
 [2018-11-18 22:30 UTC] cmb@php.net
-Status: Feedback +Status: No Feedback
 [2018-11-18 22:30 UTC] cmb@php.net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Sun Jul 12 23:01:26 2020 UTC