Home / server / Questions / 247566
Accepted
c33s
Asked: 2011-03-16 03:34:03 +0800 CST

php sessions files incompatible? - php5.2 debian lenny vs php5.3 debian squeeze

  • 772

php is truncating the session files to zero after migrating the session files from server one (debian lenny php 5.2) to the new server (debian squeeze php 5.3).

i create a session on server one with createsession.php (see below) and can view the content of the session with dumpsession.php on the same server.

after copying the session files from server one to the other server and switching to server two by changing my local hosts file, i have still the same cookie with the correct session id stored in the browser, the new server accesses the right session file, but instead of displaying the content of the session, the server truncates the session file to zero and starts a new session with the same session id.

is it possible to migrate the session files? is the serverip somehow hashed into the sessiondata?

is session sharing between php5.2 and php5.3 possible?

createsession.php

<?php
  session_name('mysession');
  session_start();
  var_dump(session_id());
  var_dump($_SESSION);
?>

dumpsession.php

<?php
  session_name('mysession');
  session_start();
  var_dump(session_id());
  $_SESSION['foo'] = 'bar';
?>

php.ini session part

[Session]
session.save_handler = files
session.save_path = "3;/var/lib/php5"
session.use_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly = 
session.serialize_handler = php
session.gc_divisor     = 100
session.gc_maxlifetime = 5184000
session.bug_compat_42 = 1
session.bug_compat_warn = 1
session.referer_check =
session.entropy_length = 0
session.entropy_file =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.hash_function = 0
session.hash_bits_per_character = 4
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=,fieldset="

edit: my solution was switching back to debian lenny.

php debian session php53

2 Answers

  1. Best Answer

    I'd be very surprised if it has changed (don't have access to check myself).

    What happens if you copy the session file to /tmp then:

    $s=('/tmp/sess_' . session_id);
print_r(unserialize(substr($s, strpos($s, '|')+1)));

    I think it's slightly more likely that the session file format may have changed compared with a change to the format of serialize() - so just using your own session handler may resolve the problem.

    Regardless - if you're running the website on multiple machines, you should try to keep the same config software on each one - it makes life a lot simpler.

    • 1

  2. You can fix this by removing the php5-suhosin package.

    aptitude remove --purge php5-suhosin

    Apparently one of its new functions is to encrypt the session data, which was enabled when you upgraded from lenny to squeeze.

    I just spent quite a long time working this out!

    • 1