https and sessions causes multiple session files in /tmp
Posted: Sun Apr 18, 2004 5:50 pm
I have very strange behaviour with sessions and https on a Redhat enterprise server (kernel 2.4.21-9.0.1.ELsmp), running apache 2.0.48 and PHP 4.3.6RC1 and openssl 0.9.7c....
I pared this down and created 3 scripts as follows:
TEST1.PHP
<?php
session_name('testsess');
session_start();
$_SESSION['test_var1'] = "hello, this is test var 1";
print_r ($_SESSION);
print "<br><a href=\"test2.php\">Go to next script...</a>";
?>
--------------------------------
TEST2.PHP
<?php
session_name('testsess');
session_start();
$_SESSION['test_var2'] = "hello, this is test var 2";
print_r ($_SESSION);
print "<br><a href=\"test3.php\">Go to final script...</a>";
?>
--------------------------------
TEST3.PHP
<?php
session_name('testsess');
session_start();
print_r ($_SESSION);
?>
--------------------------------
The output of the final script is sometimes: "Array ( )"
and sometimes: Array ( [test_var1] => hello, this is test var 1 [test_var2] => hello, this is test var 2 )
and sometimes: Array ( [test_var2] => hello, this is test var 2 )
It usually (but not every time) creates 2 session files in /tmp, one containing the info from test_var1 and one containing the info from test_var2.
There is no consistency or rhyme/reason as to when it will display what! I have tried adding session_destroy() in the first script and it does nothing! It works consistently on a non-ssl port (port 80), but only if I remove the session_name('testsess') line! Removing that line on the secure side makes no difference! The scripts work flawlessly on a secure port on a 4.3.6 PHP install on a RedHat 9 build. I have tried 4.3.5RC1 on the Redhat enterprise server and have the same problem. So, it seems like it's specific to that machine/build!
The session vars in php.ini are as follows:
session.auto_start Off
session.bug_compat_42 On
session.bug_compat_warn On
session.cache_expire 180
session.cache_limiter nocache
session.cookie_domain no value
session.cookie_lifetime 0
session.cookie_path /
session.cookie_secure Off
session.entropy_file no value
session.entropy_length 0
session.gc_divisor 100
session.gc_maxlifetime 1440
session.gc_probability 1
session.name PHPSESSID
session.referer_check no value
session.save_handler files
session.save_path /tmp
session.serialize_handler php
session.use_cookies On
session.use_only_cookies Off
session.use_trans_sid Off
Anyone got any clues?
Thanks,
Marty
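
With the files handler, session_start() writes a new sess_* file whenever a request arrives without an ID it can resume, so a first check is whether the testsess cookie comes back on each request. The diagnostic below is an added example, not part of the original post; the file name sessdiag.php and the log format are assumptions.

```php
<?php
// sessdiag.php (hypothetical name): include at the top of test1/2/3.php
// in place of their session_name()/session_start() pair.
$name = 'testsess';                  // session name used by the post's scripts
session_name($name);

// What the browser actually sent back on this request.
$sent = isset($_COOKIE[$name]) ? $_COOKIE[$name] : null;

// Did a session file for that ID exist before session_start()?
$dir = session_save_path();
if ($dir === '') { $dir = '/tmp'; }  // save_path shown in the post's php.ini
// Only probe the filesystem for well-formed IDs (no path characters).
$had_file = $sent !== null
    && preg_match('/^[A-Za-z0-9,-]+$/', $sent)
    && file_exists($dir . '/sess_' . $sent);

session_start();
$id = session_id();

if ($sent === null) {
    $verdict = 'no cookie received, new ID generated';
} elseif ($sent !== $id) {
    $verdict = 'cookie ID not used, new ID generated';
} elseif (!$had_file) {
    $verdict = 'cookie ID accepted, but no file existed for it';
} else {
    $verdict = 'existing session resumed';
}

$https = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'on' : 'off';

// Log only an 8-character prefix: a full session ID is a credential.
error_log(sprintf(
    '[sessdiag] script=%s https=%s sent=%s id=%s file_before=%s -> %s',
    $_SERVER['SCRIPT_NAME'],
    $https,
    $sent === null ? '-' : substr($sent, 0, 8),
    substr($id, 0, 8),
    $had_file ? 'yes' : 'no',
    $verdict
));
?>
```

Clicking through the three test scripts once over HTTPS and once over port 80 and comparing the logged lines shows on which request the ID changes and whether the cookie was present when it did.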