PHP issue on FreeBSD

Michael R. Wayne wayne at staff.msen.com
Tue May 25 10:59:30 PDT 2004 

I'm mentioning this here becasue the PHP list seems not to have a
clue and I had someone test this on both Mac and Linux and it works
OK there.

I updated a jail running on FreeBSD 4.8 from Apache 1.3.26 PHP 4.1.2
to Apache 1.3.31 PHP 4.3.6 and sessions broke.  All the gory details
are included below from a post I made to the PHP list.  I'm looking
for ideas as to how to debug this, ANY clues would be appreciated.

/\/\ \/\/


Session support worked fine in 4.1.2.  It's broken in 4.3.4 and 4.3.6.

The relevant session variables are:
   Session Support              enabled  (as per phpinfo)
   session.auto_start           On or Off (makes no difference)
   session.use_cookies          Off	<- not using cookies
   session.name			PHPSESSID
   session.use_trans_sid        Off	(trans_sid worked with forms in 4.1.2)
   session.gc_maxlifetime 	1440
Other things people have asked about:
   url_rewriter.tags		a=href,area=href,frame=src,input=src,form=fakeentry

Environment
   FreeBSD 4.8, Apache/1.3.31 (Unix) PHP/4.3.6 mod_ssl/2.8.17 OpenSSL/0.9.7d 

The session directory is writable and the files are getting properly
written to that directory as shown below.

I invoke the script from a browser and see the following:
   Stage:0 SessionID: 509012dd5633cba355c270f3934d1201   
   _______ [Submit]
   Stage:1 SessionID: 509012dd5633cba355c270f3934d1201
   Request: Array ( ) 
   GET: Array ( ) POST: Array ( [field] => ) COOKIE: Array ( ) 

Checking the session directory, I see an appropriately named file:
   -rw-------  1 nobody  msen  10 May 25 12:00 sess_509012dd5633cba355c270f3934d1201
containing
   stage|i:1;
The Apache log contains two lines.  The first does not contain the 
browser version and the second one does:
   "GET /g/xxx.php HTTP/1.0"
   "GET /g/xxx.php HTTP/1.0" 200 476 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows 98) Opera 7.02  [en]"

So I enter foo in the form and hit Submit.  The browser screen shows
that the script failed to use the session variable, but it remembers
it:
   Stage:0 SessionID: d7002911afdc01a5218e06af2b8f02ad   
   foo____ [Submit]
   Stage:1 SessionID: d7002911afdc01a5218e06af2b8f02ad
   Request: Array ( [PHPSESSID] => 509012dd5633cba355c270f3934d1201 [field] => foo ) 
   GET: Array ( [PHPSESSID] => 509012dd5633cba355c270f3934d1201 ) POST: Array ( [field] => foo ) COOKIE: Array ( ) 
The session directory now contains TWO files:
   -rw-------  1 nobody  msen  10 May 25 12:00 sess_509012dd5633cba355c270f3934d1201
   -rw-------  1 nobody  msen  10 May 25 12:03 sess_d7002911afdc01a5218e06af2b8f02ad
each containing:
   stage|i:1;
and the Apache log once again has two lines.  The browser has passed back
the original session ID but PHP has ignored it and assigned a new one.
   "POST /g/xxx.php?PHPSESSID=509012dd5633cba355c270f3934d1201 HTTP/1.0" 200 605
   "POST /g/xxx.php?PHPSESSID=509012dd5633cba355c270f3934d1201 HTTP/1.0" 200 605 "http://SERVER/xxx.php" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 2000) Opera 6.05  [en]"

Now, I hit Submit once more and PHP does manage to re-use the session!  And it
will continue to do so until the script is re-invoked by another browser:
   Stage:1 SessionID: d7002911afdc01a5218e06af2b8f02ad   
   foo____ [Submit]
   Stage:1 SessionID: d7002911afdc01a5218e06af2b8f02ad
   Request: Array ( [PHPSESSID] => d7002911afdc01a5218e06af2b8f02ad [field] => foo ) 
   GET: Array ( [PHPSESSID] => d7002911afdc01a5218e06af2b8f02ad ) POST: Array ( [field] => foo ) COOKIE: Array ( ) 
the session directory remains unchanged other than access time on the
reused session:
   -rw-------  1 nobody  msen  10 May 25 12:00 sess_509012dd5633cba355c270f3934d1201
   -rw-------  1 nobody  msen  10 May 25 12:13 sess_d7002911afdc01a5218e06af2b8f02ad
each containing:
   stage|i:1;
The Apache log once again contains two lines:
   "POST /g/xxx.php?PHPSESSID=d7002911afdc01a5218e06af2b8f02ad HTTP/1.0" 200 605
   "POST /g/xxx.php?PHPSESSID=d7002911afdc01a5218e06af2b8f02ad HTTP/1.0" 200 605 "http://SERVER/xxx.php?PHPSESSID=509012dd5633cba355c270f3934d1201" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 2000) Opera 6.05  [en]"

And, finally, here is the test script.   Install it as xxx.php if you want to test it:

<?
   if (!session_id()) session_start();
   if (!isset($_SESSION['stage'])) $_SESSION['stage'] = 0;
   if (!isset($_POST['field']))  $_POST['field'] = ""; 
?>
<html><head><title>PHP Test page</title></head><body>
<?
   echo "Stage:"; echo $_SESSION['stage'];
   echo " SessionID: "; echo session_id();
   $_SESSION['stage'] = 1;
?>
   <form method="post" action="xxx.php?<?= SID; ?>">
      <input type="text" maxlength="7" size="7" name="field" value="<?echo $_POST['field']?>">
      <input type="submit" value="Submit">
   </form>
<?
   echo "Stage:"; echo $_SESSION['stage']; echo " ";
   echo " SessionID: "; echo session_id(); echo "<br>";
   echo " Request: "; print_r($_REQUEST);
   echo "<br>GET: "; print_r($_GET); echo " POST: "; print_r($_POST); echo " COOKIE: "; print_r($_COOKIE);

?>
</body></html>

More information about the freebsd-isp mailing list