php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #75350 set session_name and use session_regenerate_id,session will lose.
Submitted: 2017-10-10 10:16 UTC Modified: 2017-10-10 11:03 UTC
From: freeng at qq dot com Assigned: cmb (profile)
Status: Not a bug Package: Session related
PHP Version: 7.1.10 OS: windows10
Private report: No CVE-ID: None
 [2017-10-10 10:16 UTC] freeng at qq dot com
Description:
------------
---
From manual page: http://www.php.net/function.session-regenerate-id
---
1.set the different value by session_name() to the php.ini
(normal when the same value)
2.set some session value.
3.at new request,the value will lose

Test script:
---------------
//php.ini session.name=ab;
session_name('cd');
session_regenerate_id();
$_SESSION['a'] = 1;
//current request $_SESSION=['a'=>1];
//new request $_SESSION=[];


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-10-10 10:18 UTC] freeng at qq dot com
1.set the different value by session_name() to the php.ini
(normal when the same value)
2.execute session_regenerate_id();
3.set some session value.
4.at new request,the value will lose
 [2017-10-10 10:25 UTC] cmb@php.net
-Status: Open +Status: Not a bug -Assigned To: +Assigned To: cmb
 [2017-10-10 10:25 UTC] cmb@php.net
Apparently, you didn't call session_start()
 [2017-10-10 10:58 UTC] freeng at qq dot com
session auto start.

the new name(cd) session tmp file,content is 
a|i:1;
the ab session tmp file ,content is 
//(null)

right value.

so i looked http://php.net/manual/zh/function.session-name.php
said
----
Thus, you need to call session_name() for every request (and before session_start() or session_register() are called). 
----

so i turn auto start off,
and run
session_name('cd');
session_start();//$_SESSION=['a'=>1];
session_name('ab');//$_SESSION=[];
session_start();//$_SESSION=[];

it's ok.
 [2017-10-10 11:03 UTC] requinix@php.net
Exactly. You can change the session name in code but it's only temporary - PHP won't remember it for next time. You have to change it every time, and it has to be done before PHP tries to access the session data.
 [2018-05-30 10:24 UTC] tony at marston-home dot demon dot co dot uk
Your problem is that you have more than one call to session_start(), and the second call fails just like the documentation says it should.

If you have already used session_start() then you cannot call it again with calling session_write_close() beforehand. Your code should be as follows: 

session_start();
session_name('newname');
session_regenerate_id();
session_write_close();
session_start();
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 15:01:30 2024 UTC