From: "Michael R. Wayne"
To: freebsd-isp@freebsd.org
Date: Tue, 25 May 2004 14:00:05 -0400
Subject: PHP issue on FreeBSD
Message-Id: <200405251800.i4PI05Mm097989@manor.msen.com>

I'm mentioning this here because the PHP list seems not to have a clue
and I had someone test this on both Mac and Linux and it works OK there.

I updated a jail running on FreeBSD 4.8 from Apache 1.3.26 PHP 4.1.2 to
Apache 1.3.31 PHP 4.3.6 and sessions broke. All the gory details are
included below from a post I made to the PHP list. I'm looking for ideas
as to how to debug this, ANY clues would be appreciated.

/\/\
\/\/

Session support worked fine in 4.1.2. It's broken in 4.3.4 and 4.3.6.

The relevant session variables are:

   Session Support           enabled (as per phpinfo)
   session.auto_start        On or Off (makes no difference)
   session.use_cookies       Off    <- not using cookies
   session.name              PHPSESSID
   session.use_trans_sid     Off (trans_sid worked with forms in 4.1.2)
   session.gc_maxlifetime    1440

Other things people have asked about:

   url_rewriter.tags    a=href,area=href,frame=src,input=src,form=fakeentry

Environment

   FreeBSD 4.8, Apache/1.3.31 (Unix) PHP/4.3.6 mod_ssl/2.8.17 OpenSSL/0.9.7d

The session directory is writable and the files are getting properly
written to that directory as shown below.

I invoke the script from a browser and see the following:

   Stage:0 SessionID: 509012dd5633cba355c270f3934d1201
   _______ [Submit]
   Stage:1 SessionID: 509012dd5633cba355c270f3934d1201
   Request: Array ( )
   GET: Array ( )
   POST: Array ( [field] => )
   COOKIE: Array ( )

Checking the session directory, I see an appropriately named file:

   -rw------- 1 nobody msen 10 May 25 12:00 sess_509012dd5633cba355c270f3934d1201

containing

   stage|i:1;

The Apache log contains two lines. The first does not contain the
browser version and the second one does:

   "GET /g/xxx.php HTTP/1.0"
   "GET /g/xxx.php HTTP/1.0" 200 476 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows 98) Opera 7.02 [en]"

So I enter foo in the form and hit Submit. The browser screen shows
that the script failed to use the session variable, but it remembers it:

   Stage:0 SessionID: d7002911afdc01a5218e06af2b8f02ad
   foo____ [Submit]
   Stage:1 SessionID: d7002911afdc01a5218e06af2b8f02ad
   Request: Array ( [PHPSESSID] => 509012dd5633cba355c270f3934d1201 [field] => foo )
   GET: Array ( [PHPSESSID] => 509012dd5633cba355c270f3934d1201 )
   POST: Array ( [field] => foo )
   COOKIE: Array ( )

The session directory now contains TWO files:

   -rw------- 1 nobody msen 10 May 25 12:00 sess_509012dd5633cba355c270f3934d1201
   -rw------- 1 nobody msen 10 May 25 12:03 sess_d7002911afdc01a5218e06af2b8f02ad

each containing:

   stage|i:1;

and the Apache log once again has two lines.
The browser has passed back the original session ID but PHP has ignored
it and assigned a new one.

   "POST /g/xxx.php?PHPSESSID=509012dd5633cba355c270f3934d1201 HTTP/1.0" 200 605
   "POST /g/xxx.php?PHPSESSID=509012dd5633cba355c270f3934d1201 HTTP/1.0" 200 605 "http://SERVER/xxx.php" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 2000) Opera 6.05 [en]"

Now, I hit Submit once more and PHP does manage to re-use the session!
And it will continue to do so until the script is re-invoked by another
browser:

   Stage:1 SessionID: d7002911afdc01a5218e06af2b8f02ad
   foo____ [Submit]
   Stage:1 SessionID: d7002911afdc01a5218e06af2b8f02ad
   Request: Array ( [PHPSESSID] => d7002911afdc01a5218e06af2b8f02ad [field] => foo )
   GET: Array ( [PHPSESSID] => d7002911afdc01a5218e06af2b8f02ad )
   POST: Array ( [field] => foo )
   COOKIE: Array ( )

The session directory remains unchanged other than access time on the
reused session:

   -rw------- 1 nobody msen 10 May 25 12:00 sess_509012dd5633cba355c270f3934d1201
   -rw------- 1 nobody msen 10 May 25 12:13 sess_d7002911afdc01a5218e06af2b8f02ad

each containing:

   stage|i:1;

The Apache log once again contains two lines:

   "POST /g/xxx.php?PHPSESSID=d7002911afdc01a5218e06af2b8f02ad HTTP/1.0" 200 605
   "POST /g/xxx.php?PHPSESSID=d7002911afdc01a5218e06af2b8f02ad HTTP/1.0" 200 605 "http://SERVER/xxx.php?PHPSESSID=509012dd5633cba355c270f3934d1201" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 2000) Opera 6.05 [en]"

And, finally, here is the test script. Install it as xxx.php if you
want to test it:

PHP Test page
";
echo " Request: "; print_r($_REQUEST);
echo "
GET: "; print_r($_GET);
echo " POST: "; print_r($_POST);
echo " COOKIE: "; print_r($_COOKIE);
?>
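
One way to trace where the session ID changes is to compare the PHPSESSID in each logged request with the one in its Referer, as in the log excerpts above. This is an added example, not part of the original post; the sample lines are constructed from those excerpts, and the names trace_sessions and session_id are made up here.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Matches: "METHOD target HTTP/x.y" status bytes "referer"
LINE_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)"'
)

# Constructed sample, modelled on the log excerpts quoted in the post.
SAMPLE = [
    '"GET /g/xxx.php HTTP/1.0"',  # short line without a referer: skipped
    '"GET /g/xxx.php HTTP/1.0" 200 476 "-" "Opera"',
    '"POST /g/xxx.php?PHPSESSID=509012dd5633cba355c270f3934d1201 HTTP/1.0" '
    '200 605 "http://SERVER/xxx.php" "Opera"',
    '"POST /g/xxx.php?PHPSESSID=d7002911afdc01a5218e06af2b8f02ad HTTP/1.0" '
    '200 605 "http://SERVER/xxx.php?PHPSESSID=509012dd5633cba355c270f3934d1201" "Opera"',
    '"POST /g/xxx.php?PHPSESSID=d7002911afdc01a5218e06af2b8f02ad HTTP/1.0" '
    '200 605 "http://SERVER/xxx.php?PHPSESSID=d7002911afdc01a5218e06af2b8f02ad" "Opera"',
]

def session_id(url, name="PHPSESSID"):
    """Return the session ID carried in a URL's query string, or None."""
    values = parse_qs(urlsplit(url).query).get(name)
    return values[0] if values else None

def trace_sessions(lines, name="PHPSESSID"):
    """Return (method, request_sid, referer_sid, note) for each full log line."""
    results = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # line has no status/referer fields to compare
        req = session_id(m["target"], name)
        ref = session_id(m["referer"], name)
        if req and ref and req != ref:
            note = "id-changed"  # referring page was served under another ID
        elif req and not ref:
            note = "first-use"   # first request that carries an ID back
        elif req:
            note = "reused"
        else:
            note = "no-session"
        results.append((m["method"], req, ref, note))
    return results

if __name__ == "__main__":
    for row in trace_sessions(SAMPLE):
        print(row)
```

An "id-changed" row marks the request whose referring page was generated under a different session ID than the one the form then submitted, which is the point where a new ID was issued.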