php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #74920 original session id locked after using session_regenerate_id()
Submitted: 2017-07-13 17:57 UTC Modified: -
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: javier at villanueva dot cl Assigned:
Status: Open Package: memcache (PECL)
PHP Version: Irrelevant OS: Centos 6
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2017-07-13 17:57 UTC] javier at villanueva dot cl
Description:
------------
After using session_regenerate_id(), the memcache session extension doesn't free the lock associated to the original session_id, so if you want to reuse it you have to wait memcache.lock_timeout seconds to pass.

Test script:
---------------
<!-- begin script1.php -->
<?php
session_id( 'testid' );
session_start();
session_regenerate_id(); // new randomly assigned id



<!-- begin script2.php -->
<?php
session_id( 'testid' );
$t = time();
session_start();
print "Elapsed: ".( $t - time() ); // here will display some value near memcache.lock_timeout

Expected result:
----------------
Elapsed: 0

Actual result:
--------------
Elapsed: 15

Patches

Add a Patch

Pull Requests

Add a Pull Request

 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Tue Mar 31 08:01:26 2020 UTC