php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #72156 session_regenerate_id(): Session object destruction failed. ID: user (path: /v
Submitted: 2016-05-04 14:23 UTC Modified: 2016-08-27 07:00 UTC
Votes:13
Avg. Score:4.4 ± 1.0
Reproduced:12 of 12 (100.0%)
Same Version:5 (41.7%)
Same OS:8 (66.7%)
From: dimitar dot kudev at netea dot bg Assigned:
Status: Wont fix Package: Session related
PHP Version: 7.0.6 OS: Ubuntu 16.04
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2016-05-04 14:23 UTC] dimitar dot kudev at netea dot bg
Description:
------------
1. Apache/2.4.18 (Ubuntu)
2. PHP 7.0.4-7ubuntu2
3. 10.0.24-MariaDB-7 Ubuntu 16.04


Type: warning 	
File: /var/www/dragon/library/Zend/Session.php 	
Line: 315 	
Message: session_regenerate_id(): Session object destruction failed.  ID: user (path: /var/lib/php/sessions)
---
From manual page: http://www.php.net/function.session-regenerate-id
---


Test script:
---------------
public static function regenerateId()
    {
        if (!self::$_unitTestEnabled && headers_sent($filename, $linenum)) {
            /** @see Zend_Session_Exception */
            require_once 'Zend/Session/Exception.php';
            throw new Zend_Session_Exception("You must call " . __CLASS__ . '::' . __FUNCTION__ .
                "() before any output has been sent to the browser; output started in {$filename}/{$linenum}");
        }

        if ( !self::$_sessionStarted ) {
            self::$_regenerateIdState = -1;
        } else {
            if (!self::$_unitTestEnabled) {
                session_regenerate_id(true);
            }
            self::$_regenerateIdState = 1;
        }
    }


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-08-27 07:00 UTC] yohgaki@php.net
-Status: Open +Status: Wont fix
 [2016-08-27 07:00 UTC] yohgaki@php.net
Immediate session data destruction while regenerating session ID is _NOT_ recommended strongly. i.e. Do not call session_regenerate_id(TRUE).

There are number of reasons session could misbehave by session_regenerate_id(TRUE).

Refer to https://wiki.php.net/rfc/precise_session_management
Although this RFC was declined, but problems described in the RFC will happen by session_regenerate_id(TRUE). I recommend to manage session data as the RFC does. It could be done by userland also.

That said, I'm not sure why you get the warning. It should not happen under normal circumstance. If you get the error by simply calling  session_regenerate_id(TRUE), please reopen this bug.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 14:01:29 2024 UTC