php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #72156 session_regenerate_id(): Session object destruction failed. ID: user (path: /v
Submitted: 2016-05-04 14:23 UTC Modified: 2016-08-27 07:00 UTC
Votes:13
Avg. Score:4.4 ± 1.0
Reproduced:12 of 12 (100.0%)
Same Version:5 (41.7%)
Same OS:8 (66.7%)
From: dimitar dot kudev at netea dot bg Assigned:
Status: Wont fix Package: Session related
PHP Version: 7.0.6 OS: Ubuntu 16.04
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: dimitar dot kudev at netea dot bg
New email:
PHP Version: OS:

 

 [2016-05-04 14:23 UTC] dimitar dot kudev at netea dot bg 
Description:
------------
1. Apache/2.4.18 (Ubuntu)
2. PHP 7.0.4-7ubuntu2
3. 10.0.24-MariaDB-7 Ubuntu 16.04


Type: warning 	
File: /var/www/dragon/library/Zend/Session.php 	
Line: 315 	
Message: session_regenerate_id(): Session object destruction failed.  ID: user (path: /var/lib/php/sessions)
---
From manual page: http://www.php.net/function.session-regenerate-id
---


Test script:
---------------
public static function regenerateId()
    {
        if (!self::$_unitTestEnabled && headers_sent($filename, $linenum)) {
            /** @see Zend_Session_Exception */
            require_once 'Zend/Session/Exception.php';
            throw new Zend_Session_Exception("You must call " . __CLASS__ . '::' . __FUNCTION__ .
                "() before any output has been sent to the browser; output started in {$filename}/{$linenum}");
        }

        if ( !self::$_sessionStarted ) {
            self::$_regenerateIdState = -1;
        } else {
            if (!self::$_unitTestEnabled) {
                session_regenerate_id(true);
            }
            self::$_regenerateIdState = 1;
        }
    }

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-08-27 07:00 UTC] yohgaki@php.net
-Status: Open +Status: Wont fix
 [2016-08-27 07:00 UTC] yohgaki@php.net 
Immediate session data destruction while regenerating session ID is _NOT_ recommended strongly. i.e. Do not call session_regenerate_id(TRUE).

There are number of reasons session could misbehave by session_regenerate_id(TRUE).

Refer to https://wiki.php.net/rfc/precise_session_management
Although this RFC was declined, but problems described in the RFC will happen by session_regenerate_id(TRUE). I recommend to manage session data as the RFC does. It could be done by userland also.

That said, I'm not sure why you get the warning. It should not happen under normal circumstance. If you get the error by simply calling  session_regenerate_id(TRUE), please reopen this bug.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Apr 27 19:01:29 2024 UTC