Edit report at https://bugs.php.net/bug.php?id=60101&edit=1
ID: 60101
Updated by: yohg...@php.net
Reported by: funkychunkymunky at gmail dot com
Summary: Limit to session_regenerate_id updates
-Status: Open
+Status: Feedback
Type: Bug
Package: Session related
Operating System: Debian Squeeze
PHP Version: 5.3.8
Block user comment: N
Private report: N
New Comment:
I've test with my PHP 5.3 and trunk (with strict session patch) with cli.
Although, I had to add ob_start() at the beginning, it executes all.
I guess you are using Apache web server to test it. Is there any crash log in
your apache's error_log? If so, please submit backtrace.
Previous Comments:
------------------------------------------------------------------------
[2011-10-19 22:54:12] funkychunkymunky at gmail dot com
Description:
------------
Was doing some debugging on our session class and wanted to start from scratch
on
a few tests so we came up with the following, just to see how frequently we his
collisions using the default session configs.
It appears that session_regenerate_id quits regenerating after 114 runs, after
which the function simply fails.
Test script:
---------------
$arr = array();
session_id();
session_start();
for( $i = 0; $i <= 100000; $i++ )
{
$ses = session_id();
if(!session_regenerate_id(true) ) {
exit;
}
echo "Session: ". $ses. "\n";
$arr[$ses]++;
}
print_r( array_count_values( $arr ) );
Expected result:
----------------
Every call to session_regenerate_id and then to session_id would result in a
new
ID, and without limit.
------------------------------------------------------------------------
--
Edit this bug report at https://bugs.php.net/bug.php?id=60101&edit=1
