[PHP-DEV] PHP 4.0 Bug #3793 Updated: session.gc_maxlifetime does not work From: Bug Database (php-dev <email protected>)
Date: 10/12/00

ID: 3793
User Update by: kori_mail <email protected>
Status: Feedback
Bug Type: *Session related
Description: session.gc_maxlifetime does not work

I'm sorry I can't test the snapshots because I haven't MS VC++.

I tested the latest release version 4.0.3 with my sample scripts and the same PHP.INI's setting I post with my previous comments.

I'm sorry, there are still ALL errors I reported before.

Calling Session_Destoy() function wrote: Warning: Session object destruction failed in c:\www\session\destroy.php on line 7

I found a new bug, maybe :-) When the "session.use_trans_sid = 1", SID is attached to all IMG tags in script also.

For example <img src="image.gif" width="100" height="80" alt=""> is after execution of the script changed to <img src="image.gif?uid=e7ad41c1e3fc6d775886a520ee4a6e50" width="100" height="80" alt="">.

OS: Windows 2000 server with SP1
PHP: 4.0.3 php4isapi.dll with IIS or PHP.EXE with Apache 3.1.12
PHP.INI-DIST included in 4.0.3 ZIP file with session settings:

[Session]
session.save_handler = files ; handler used to store/retrieve data
session.save_path = C:/WINNT/Temp ; argument passed to save_handler
                                    ; in the case of files, this is the
                                    ; path where data files are stored
session.use_cookies = 0 ; whether to use cookies
session.name = PHPSESSID
                                    ; name of the session
                                    ; is used as cookie name
session.auto_start = 0 ; initialize session on request startup
session.cookie_lifetime = 0 ; lifetime in seconds of cookie
                                    ; or if 0, until browser is restarted
session.cookie_path = / ; the path the cookie is valid for
session.cookie_domain = ; the domain the cookie is valid for
session.serialize_handler = php ; handler used to serialize data
                                    ; php is the standard serializer of PHP
session.gc_probability = 1 (OR 100) ; percentual probability that the
                                    ; 'garbage collection' process is started
                                    ; on every session initialization
session.gc_maxlifetime = 1440 ; after this number of seconds, stored
                                    ; data will be seen as 'garbage' and
                                    ; cleaned up by the gc process
session.referer_check = ; check HTTP Referer to invalidate
                                    ; externally stored URLs containing ids
session.entropy_length = 0 ; how many bytes to read from the file
session.entropy_file = ; specified here to create the session id
; session.entropy_length = 16
; session.entropy_file = /dev/urandom
session.cache_limiter = nocache ; set to {nocache,private,public} to
                                    ; determine HTTP caching aspects
session.cache_expire = 180 ; document expires after n minutes
session.use_trans_sid = 0 ; use transient sid support if enabled
                                    ; by compiling with --enable-trans-sid
                                    
----------------------------

Please, try my sample scripts I post with my previous comments...

--Kori

Previous Comments:
---------------------------------------------------------------------------

[2000-09-18 06:35:07] sniper <email protected>
Please try php4.0.2 or preferrably latest CVS or snapshot.

--Jani

---------------------------------------------------------------------------

[2000-09-12 21:58:56] kori_mail <email protected>

To Jani: OK, there are my sample scripts :-)

----- index.php ----

<?php

        
        session_name("uid");
        session_start();

        session_register("param1");
        
        $param1 = "registered";

        $t = "Value of param1 is <b>" . $param1 . "</b></br>";

        $t .= "Session ID is: <b>" . session_id() . "</b><br><br>";

        $t .= "SID is: <b>" . SID . "</b><br><br>";

        $t .= "<a href="test.php?" . SID . "">Click here</a>";

        print($t);

?>

------ test.php -----

<?php

        
        session_name("uid");
        session_start();

        $t = "Value of param1 is <b>" . $param1 . "</b></br>";

        $t .= "Session ID is: <b>" . session_id() . "</b><br><br>";

        $t .= "SID is: <b>" . SID . "</b><br><br>";

        $t .= "<a href="test.php?" . SID . "">Click here after 60 seconds</a><br>";

        $t .= "<a href="destroy.php?" . SID . "">Click here to destroy session</a>";

        print($t);

?>

------ destroy.php ------

<?php

        
        session_name("uid");
        session_start();

        session_destroy();

        $t = "Value of param1 is <b>" . $param1 . "</b></br>";

        $t .= "Session ID is: <b>" . session_id() . "</b><br><br>";

        $t .= "SID is: <b>" . SID . "</b><br><br>";

        $t .= "<a href="test.php?" . SID . "">Click here</a><br>";

        print($t);

?>

----- PHP.INI (session section) -----

[Session]
session.save_handler = files ; handler used to store/retrieve data
session.save_path = C:/WINNT/Temp ; argument passed to save_handler
                                    ; in the case of files, this is the
                                    ; path where data files are stored
session.use_cookies = 0 ; whether to use cookies
session.name = PHPSESSID
                                    ; name of the session
                                    ; is used as cookie name
session.auto_start = 0 ; initialize session on request startup
session.cookie_lifetime = 0 ; lifetime in seconds of cookie
                                    ; or if 0, until browser is restarted
session.cookie_path = / ; the path the cookie is valid for
session.cookie_domain = ; the domain the cookie is valid for
session.serialize_handler = php ; handler used to serialize data
                                    ; php is the standard serializer of PHP
session.gc_probability = 1 ; percentual probability that the
                                    ; 'garbage collection' process is started
                                    ; on every session initialization
session.gc_maxlifetime = 60 ; after this number of seconds, stored
                                    ; data will be seen as 'garbage' and
                                    ; cleaned up by the gc process
session.referer_check = ; check HTTP Referer to invalidate
                                    ; externally stored URLs containing ids
session.entropy_length = 0 ; how many bytes to read from the file
session.entropy_file = ; specified here to create the session id
; session.entropy_length = 16
; session.entropy_file = /dev/urandom
session.cache_limiter = nocache ; set to {nocache,private,public} to
                                    ; determine HTTP caching aspects
session.cache_expire = 180 ; document expires after n minutes

-----------------------------

Other options in PHP.INI are default.

Please, try also set "session.gc_probability = 100" in PHP.INI and run these scripts from two browser windows (it simulates 2 connected users) and you will see how second user with other UID ovewrites session od the first user.

PHP: 4.0.1pl2
Tested OS: W2K PRO & SERVER
WWW: Apache 1.3.12 & IIS 5.0

Jiri Kori

---------------------------------------------------------------------------

[2000-08-28 14:04:15] sniper <email protected>
Please attach your test scripts into this report directly.

(We are so lazy that we don't want to go and download
something from some url and then unzip it and then attach
it here by ourselves..=)

And by attaching those scripts here, they will be available
all time even if your site is down or you decide to delete
that zip-file.

--Jani

---------------------------------------------------------------------------

[2000-08-08 18:18:13] kori_mail <email protected>
Please, download and try my sample scipts from

http://www.webace.cz/session.zip

There is my PHP.INI for testing use also...

---------------------------------------------------------------------------

[2000-08-08 17:19:05] kori_mail <email protected>
I use FAT32. I will try NTSF tomorow...

---------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online.

Full Bug description available at: http://bugs.php.net/?id=3793 

-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
For additional commands, e-mail: php-dev-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>