php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #71972 Cyclic references causing session_start(): Failed to decode session object.
Submitted: 2016-04-06 07:42 UTC Modified: 2016-04-15 17:54 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: b dot curtis at dfusion dot com Assigned:
Status: Closed Package: Session related
PHP Version: 7.0.5 OS: Ubuntu 14.04.4 LTS
Private report: No CVE-ID:
 [2016-04-06 07:42 UTC] b dot curtis at dfusion dot com
Description:
------------
Particular combination of session data causes "PHP Warning:  session_start(): Failed to decode session object."
Found in our web application but recreated in the test CLI script below.

Steps to reproduce:
1) run this file once. Session data is saved.
2) Run again. Session cannot be decoded.
3) Remove session file /tmp/sess_sessiontest. If it wasn't already removed by the session_decode failing.
4) Comment out the $_SESSION['boogie'] line
5) Run again, and again and again and again.......No bug!



Test script:
---------------
<?php

$session_id = 'sessiontest';

session_id($session_id);
session_start();
$_SESSION['boogie'] = 1;//NOTE: Comment out this line for step 4

$_SESSION['obj1'] = new stdClass();
for ( $x=2; $x < 20; $x++) {//NOTE: In my tests the number needed varied but was always between 10 and 20
     cyclic_ref($x);
}


function cyclic_ref($num) {
         $_SESSION['obj'.$num] = new stdClass();
         $_SESSION['obj'.$num]->test = new stdClass();//NOTE: No bug if try commenting out this too.
         $_SESSION['obj'.$num]->obj1 = $_SESSION['obj1'];
}


Expected result:
----------------
When session successfully decoded no output.

Actual result:
--------------
#first run - success. Session written.
$ php sessiontest.php

#second run. Fail. Session cannot be decoded.

~$ php sessiontest.php
PHP Warning:  session_start(): Failed to decode session object. Session has been destroyed in /path/sessiontest.php on line 16

Patches

Add a Patch

Pull Requests

Pull requests:

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-04-15 13:45 UTC] laruence@php.net
-Status: Open +Status: Analyzed
 [2016-04-15 13:45 UTC] laruence@php.net
this is becuase hash table resize.... I don't have a fix now :<
 [2016-04-16 04:09 UTC] laruence@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=05d53dee7d70a94c0cef57ae2dae735f98a3d833
Log: Fixed bug #71972 (Cyclic references causing session_start(): Failed to decode session object)
 [2016-04-16 04:09 UTC] laruence@php.net
-Status: Analyzed +Status: Closed
 [2016-07-20 11:32 UTC] davey@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=05d53dee7d70a94c0cef57ae2dae735f98a3d833
Log: Fixed bug #71972 (Cyclic references causing session_start(): Failed to decode session object)
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Tue Feb 28 14:01:40 2017 UTC