Edit report at http://bugs.php.net/bug.php?id=38104&edit=1
ID: 38104
Comment by: vdklah at hotmail dot com
Reported by: m dot v dot veluw dot smscity at gmail dot com
Summary: session_start()/session_write_close() creates
multiple session cookies headers
Status: Bogus
Type: Bug
Package: Session related
Operating System: any
PHP Version: 5.1.4
Block user comment: N
Private report: N
New Comment:
I can not tell how much I disagree on this. Calling session_start()
followed by session_write_close() is a very valid way to avoid blocking
multiple processes. (See also here
http://konrness.com/php5/how-to-prevent-blocking-php-requests/.) This
problem is huge since we are facing fatal crashing clients due to
zillions of duplicate PHPSESSID entries in one cookie. Our server is big
and complicated and so we are not willing to change anything in this
area while all is already taken in production. Totally stuck on this and
I'm not happy. This is a very obvious PHP bug that can be proven in 4
lines of code without any client intervention.
Previous Comments:
------------------------------------------------------------------------
[2006-07-14 20:46:11] [email protected]
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php
Session is created every time you call session_start(). If you
want to avoid multiple cookie, write better code. Multiple
session_start() especially for the same names in the same
script seems like a really bad idea.
------------------------------------------------------------------------
[2006-07-14 10:23:58] m dot v dot veluw dot smscity at gmail dot com
Description:
------------
When using session_start() and session_write_close() with the same
session id/name will add multiple session cookies with the exact same
contents everytime session_start is used.
This is useless overhead if it is the same.
Reproduce code:
---------------
session_name('uniqueName1');
session_start();
$_SESSION['Foo1'] = 'Bar1';
session_write_close();
session_name('uniqueName2');
session_start();
$_SESSION['Foo2'] = 'Bar2';
session_write_close();
session_name('uniqueName1');
session_start();
$sessionValue = $_SESSION['Foo1'];
print $sessionValue;
session_write_close();
session_name('uniqueName2');
session_start();
$sessionValue = $_SESSION['Foo2'];
print $sessionValue;
session_write_close();
Expected result:
----------------
just 1 session cookie header for uniqueName1.
just 1 session cookie header for uniqueName2.
Actual result:
--------------
2 session cookie headers for uniqueName1, where both are exactly the
same
2 session cookie headers for uniqueName2, where both are exactly the
same
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/bug.php?id=38104&edit=1
