php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #72156 session_regenerate_id(): Session object destruction failed. ID: user (path: /v
Submitted: 2016-05-04 14:23 UTC Modified: 2016-08-27 07:00 UTC
Votes:13
Avg. Score:4.4 ± 1.0
Reproduced:12 of 12 (100.0%)
Same Version:5 (41.7%)
Same OS:8 (66.7%)
From: dimitar dot kudev at netea dot bg Assigned:
Status: Wont fix Package: Session related
PHP Version: 7.0.6 OS: Ubuntu 16.04
Private report: No CVE-ID: None
View Developer Edit
 [2016-05-04 14:23 UTC] dimitar dot kudev at netea dot bg 
Description:
------------
1. Apache/2.4.18 (Ubuntu)
2. PHP 7.0.4-7ubuntu2
3. 10.0.24-MariaDB-7 Ubuntu 16.04


Type: warning 	
File: /var/www/dragon/library/Zend/Session.php 	
Line: 315 	
Message: session_regenerate_id(): Session object destruction failed.  ID: user (path: /var/lib/php/sessions)
---
From manual page: http://www.php.net/function.session-regenerate-id
---


Test script:
---------------
public static function regenerateId()
    {
        if (!self::$_unitTestEnabled && headers_sent($filename, $linenum)) {
            /** @see Zend_Session_Exception */
            require_once 'Zend/Session/Exception.php';
            throw new Zend_Session_Exception("You must call " . __CLASS__ . '::' . __FUNCTION__ .
                "() before any output has been sent to the browser; output started in {$filename}/{$linenum}");
        }

        if ( !self::$_sessionStarted ) {
            self::$_regenerateIdState = -1;
        } else {
            if (!self::$_unitTestEnabled) {
                session_regenerate_id(true);
            }
            self::$_regenerateIdState = 1;
        }
    }

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-08-27 07:00 UTC] yohgaki@php.net
-Status: Open +Status: Wont fix
 [2016-08-27 07:00 UTC] yohgaki@php.net 
Immediate session data destruction while regenerating session ID is _NOT_ recommended strongly. i.e. Do not call session_regenerate_id(TRUE).

There are number of reasons session could misbehave by session_regenerate_id(TRUE).

Refer to https://wiki.php.net/rfc/precise_session_management
Although this RFC was declined, but problems described in the RFC will happen by session_regenerate_id(TRUE). I recommend to manage session data as the RFC does. It could be done by userland also.

That said, I'm not sure why you get the warning. It should not happen under normal circumstance. If you get the error by simply calling  session_regenerate_id(TRUE), please reopen this bug.
 
PHP Copyright © 2001-2026 The PHP Group
All rights reserved. 		Last updated: Sat Jan 03 07:00:01 2026 UTC