Date:      Tue, 25 May 2004 14:00:05 -0400
From:      "Michael R. Wayne" <wayne@staff.msen.com>
To:        freebsd-isp@freebsd.org
Subject:   PHP issue on FreeBSD
Message-ID:  <200405251800.i4PI05Mm097989@manor.msen.com>


I'm mentioning this here because the PHP list seems not to have a
clue and I had someone test this on both Mac and Linux and it works
OK there.

I updated a jail running on FreeBSD 4.8 from Apache 1.3.26 PHP 4.1.2
to Apache 1.3.31 PHP 4.3.6 and sessions broke.  All the gory details
are included below from a post I made to the PHP list.  I'm looking
for ideas as to how to debug this, ANY clues would be appreciated.

/\/\ \/\/


Session support worked fine in 4.1.2.  It's broken in 4.3.4 and 4.3.6.

The relevant session variables are:
   Session Support              enabled  (as per phpinfo)
   session.auto_start           On or Off (makes no difference)
   session.use_cookies          Off      <- not using cookies
   session.name                 PHPSESSID
   session.use_trans_sid        Off      (trans_sid worked with forms in 4.1.2)
   session.gc_maxlifetime       1440
Other things people have asked about:
   url_rewriter.tags            a=href,area=href,frame=src,input=src,form=fakeentry

Environment
   FreeBSD 4.8, Apache/1.3.31 (Unix) PHP/4.3.6 mod_ssl/2.8.17 OpenSSL/0.9.7d 

The session directory is writable and the files are getting properly
written to that directory as shown below.

I invoke the script from a browser and see the following:
   Stage:0 SessionID: 509012dd5633cba355c270f3934d1201   
   _______ [Submit]
   Stage:1 SessionID: 509012dd5633cba355c270f3934d1201
   Request: Array ( ) 
   GET: Array ( ) POST: Array ( [field] => ) COOKIE: Array ( ) 

Checking the session directory, I see an appropriately named file:
   -rw-------  1 nobody  msen  10 May 25 12:00 sess_509012dd5633cba355c270f3934d1201
containing
   stage|i:1;
The Apache log contains two lines.  The first does not contain the 
browser version and the second one does:
   "GET /g/xxx.php HTTP/1.0"
   "GET /g/xxx.php HTTP/1.0" 200 476 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows 98) Opera 7.02  [en]"

So I enter foo in the form and hit Submit.  The browser screen shows
that the script failed to use the session variable, but it remembers
it:
   Stage:0 SessionID: d7002911afdc01a5218e06af2b8f02ad   
   foo____ [Submit]
   Stage:1 SessionID: d7002911afdc01a5218e06af2b8f02ad
   Request: Array ( [PHPSESSID] => 509012dd5633cba355c270f3934d1201 [field] => foo ) 
   GET: Array ( [PHPSESSID] => 509012dd5633cba355c270f3934d1201 ) POST: Array ( [field] => foo ) COOKIE: Array ( ) 
The session directory now contains TWO files:
   -rw-------  1 nobody  msen  10 May 25 12:00 sess_509012dd5633cba355c270f3934d1201
   -rw-------  1 nobody  msen  10 May 25 12:03 sess_d7002911afdc01a5218e06af2b8f02ad
each containing:
   stage|i:1;
and the Apache log once again has two lines.  The browser has passed back
the original session ID but PHP has ignored it and assigned a new one.
   "POST /g/xxx.php?PHPSESSID=509012dd5633cba355c270f3934d1201 HTTP/1.0" 200 605
   "POST /g/xxx.php?PHPSESSID=509012dd5633cba355c270f3934d1201 HTTP/1.0" 200 605 "http://SERVER/xxx.php" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 2000) Opera 6.05  [en]"

Now, I hit Submit once more and PHP does manage to re-use the session!  And it
will continue to do so until the script is re-invoked by another browser:
   Stage:1 SessionID: d7002911afdc01a5218e06af2b8f02ad   
   foo____ [Submit]
   Stage:1 SessionID: d7002911afdc01a5218e06af2b8f02ad
   Request: Array ( [PHPSESSID] => d7002911afdc01a5218e06af2b8f02ad [field] => foo ) 
   GET: Array ( [PHPSESSID] => d7002911afdc01a5218e06af2b8f02ad ) POST: Array ( [field] => foo ) COOKIE: Array ( ) 
the session directory remains unchanged other than access time on the
reused session:
   -rw-------  1 nobody  msen  10 May 25 12:00 sess_509012dd5633cba355c270f3934d1201
   -rw-------  1 nobody  msen  10 May 25 12:13 sess_d7002911afdc01a5218e06af2b8f02ad
each containing:
   stage|i:1;
The Apache log once again contains two lines:
   "POST /g/xxx.php?PHPSESSID=d7002911afdc01a5218e06af2b8f02ad HTTP/1.0" 200 605
   "POST /g/xxx.php?PHPSESSID=d7002911afdc01a5218e06af2b8f02ad HTTP/1.0" 200 605 "http://SERVER/xxx.php?PHPSESSID=509012dd5633cba355c270f3934d1201" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 2000) Opera 6.05  [en]"

And, finally, here is the test script.   Install it as xxx.php if you want to test it:

<?
   if (!session_id()) session_start();
   if (!isset($_SESSION['stage'])) $_SESSION['stage'] = 0;
   if (!isset($_POST['field']))  $_POST['field'] = ""; 
?>
<html><head><title>PHP Test page</title></head><body>
<?
   echo "Stage:"; echo $_SESSION['stage'];
   echo " SessionID: "; echo session_id();
   $_SESSION['stage'] = 1;
?>
   <form method="post" action="xxx.php?<?= SID; ?>">
      <input type="text" maxlength="7" size="7" name="field" value="<?echo $_POST['field']?>">
      <input type="submit" value="Submit">
   </form>
<?
   echo "Stage:"; echo $_SESSION['stage']; echo " ";
   echo " SessionID: "; echo session_id(); echo "<br>";
   echo " Request: "; print_r($_REQUEST);
   echo "<br>GET: "; print_r($_GET); echo " POST: "; print_r($_POST); echo " COOKIE: "; print_r($_COOKIE);

?>
</body></html>
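
Added example, not part of the original message: a small Python trace that replays the three requests described above and labels each one by comparing the PHPSESSID presented in the request URL with the SessionID the script printed. The function names, the verdict labels and the shortened user-agent strings are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# "METHOD URL PROTO" [status bytes ["referer" ...]], as in the quoted log excerpts.
LOG_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<url>\S+) \S+"'
    r'(?: (?P<status>\d{3}) (?P<size>\d+|-))?'
    r'(?: "(?P<referer>[^"]*)")?'
)

def sid_from_url(url, name="PHPSESSID"):
    """Return the session ID carried in a URL's query string, or None."""
    if not url or url == "-":
        return None
    values = parse_qs(urlsplit(url).query).get(name)
    return values[0] if values else None

def classify(log_line, served_sid):
    """Compare the ID the client presented with the ID the script reported."""
    m = LOG_RE.search(log_line)
    if m is None:
        raise ValueError("unrecognised log line: %r" % log_line)
    presented = sid_from_url(m.group("url"))
    if presented is None:
        verdict = "new"        # nothing presented, server minted an ID
    elif presented == served_sid:
        verdict = "resumed"    # presented ID was honoured
    else:
        verdict = "ignored"    # presented ID was dropped and replaced
    return {"presented": presented, "served": served_sid,
            "referer_sid": sid_from_url(m.group("referer")), "verdict": verdict}

OLD = "509012dd5633cba355c270f3934d1201"
NEW = "d7002911afdc01a5218e06af2b8f02ad"
# Sample input built from the excerpts in the message (user agent shortened);
# the second element is the "SessionID:" value the script printed for that hit.
SAMPLE = [
    ('"GET /g/xxx.php HTTP/1.0" 200 476 "-" "Opera 7.02"', OLD),
    ('"POST /g/xxx.php?PHPSESSID=%s HTTP/1.0" 200 605 '
     '"http://SERVER/xxx.php" "Opera 6.05"' % OLD, NEW),
    ('"POST /g/xxx.php?PHPSESSID=%s HTTP/1.0" 200 605 '
     '"http://SERVER/xxx.php?PHPSESSID=%s" "Opera 6.05"' % (NEW, OLD), NEW),
]

def trace(sample=SAMPLE):
    """Return one verdict per request, in order."""
    return [classify(line, served)["verdict"] for line, served in sample]

if __name__ == "__main__":
    for line, served in SAMPLE:
        print(classify(line, served))
```

The `referer_sid` field for the third request shows the first session ID still arriving in the Referer header after it has been replaced.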


