#34524 [Fbk->Opn]: session_regenerate_id doubles request

Fri, 16 Sep 2005 04:47:36 -0700 

 ID:               34524
 User updated by:  zoom at atlas dot sk
 Reported By:      zoom at atlas dot sk
-Status:           Feedback
+Status:           Open
 Bug Type:         Session related
 Operating System: WinXP
 PHP Version:      5.1.0RC1
 New Comment:

here is sniplet of my code that should authentificate user, rewrite
current session_id, assign some attribute to it and let him go to next
page.

//
session_start()
session_regenerate_id(true);
  
$sql = "INSERT INTO logins VALUES  ('{$log_date}','{$IP['addr']}')";
                  
$db->query($sql);
  
$_SESSION['userid'] = $uid;

$link = "Location: http://"; . $CONFIG['APP_HOST'] . "in/";
 
session_commit();
header($link);

// expected behaviour
1. rewrite session id (I use cookies to propagate SID) and keep current
attributes.
2. remove old session file from filesystem
3. insert 1 record into database
4. add new attribute into $_SESSION['uid']
5. redirect user to new page

// actual results
1. rewrite session id (cookie) and file
2. remove old session file (*randomly* error "Warning:
session_regenerate_id() [function.session-regenerate-id]: Session
object destruction failed in" occurs!)
3. 2 records are inserted into database (instead of one)
4. ok
5. if no error occured in point 2, then redirect is ok.

Used system is
WinXP - SP2
PHP5.1RC2 instaled in SAPI mode
Apache 2.0.53
Clients used: IE6, Firefox1.0.6


Previous Comments:
------------------------------------------------------------------------

[2005-09-16 12:01:12] [EMAIL PROTECTED]

Not enough information was provided for us to be able
to handle this bug. Please re-read the instructions at
http://bugs.php.net/how-to-report.php

If you can provide more information, feel free to add it
to this bug and change the status back to "Open".

Thank you for your interest in PHP.




------------------------------------------------------------------------

[2005-09-16 11:59:38] zoom at atlas dot sk

Description:
------------
I use following order of code after users log-in, to regenerate session
id.

session_start()

...checking values...
...assigning values into $_SESSION

session_regenerate_id(true)

...inserting into database, date and IP of log event.

session_commit()

header() redirect into another page to show private content.

----
interesting thing is, that every time I run this script I get 2!
inserts into database - as there were 2 logins occured. 

I use IE6 and FF and have also *random* problems with session_destroy()
function. 
In debugging process I uncovered this above.




------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=34524&edit=1

Reply via email to