PHP :: Bug #74920 :: original session id locked after using session_regenerate

Bug #74920

original session id locked after using session_regenerate_id()

Submitted:

2017-07-13 17:57 UTC

Modified:

2021-03-25 16:40 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	0 (0.0%)
Same OS:	0 (0.0%)

From:

javier at villanueva dot cl

Assigned:

cmb (profile)

Status:

Closed

Package:

memcache (PECL)

PHP Version:

Irrelevant

OS:

Centos 6

Private report:

CVE-ID:

None

View Developer Edit

[2017-07-13 17:57 UTC] javier at villanueva dot cl

Description:
------------
After using session_regenerate_id(), the memcache session extension doesn't free the lock associated to the original session_id, so if you want to reuse it you have to wait memcache.lock_timeout seconds to pass.

Test script:
---------------
<!-- begin script1.php -->
<?php
session_id( 'testid' );
session_start();
session_regenerate_id(); // new randomly assigned id



<!-- begin script2.php -->
<?php
session_id( 'testid' );
$t = time();
session_start();
print "Elapsed: ".( $t - time() ); // here will display some value near memcache.lock_timeout

Expected result:
----------------
Elapsed: 0

Actual result:
--------------
Elapsed: 15

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2021-03-25 16:40 UTC] cmb@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: cmb

[2021-03-25 16:40 UTC] cmb@php.net

The official bug tracker for PECL/memcache is now at
<https://github.com/websupport-sk/pecl-memcache/issues>.

So, if this is still an issue with either of the current memcache
versions (4 or 8), please file an issue there.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Jul 02 13:01:34 2025 UTC