Definite bug in PHP sessions

minorgod

Okay, I'm about 99% sure this is a bug and I'm looking for confirmation. If you build a php application that uses sessions in the following way, they won't work right!

You have a php application that uses sessions to display content in a main window. You have another page that opens in a new window...in my case a Table of Contents for the main application. The popup window uses a $_SESSION array (so we must start a session in the popup window) to display links to all the pages in the main application. When clicked, the popup window calls a javascript that does a location.replace() on the main window, passing it a page_id to go to. The Main application does all the session manipulation to display the correct page (which it does correctly), and then we reload the popup window which now highlights the new current_page and scrolls to the appropriate highlighted location in the list of pages. Both windows access the same data, but only the main window manipulates it at all.

You will notice however, that despite the fact that you have called the pages sequentially so that niether page is accessing the sessions at the same time, the popup window not only retains old session data, but the main window reverts back to the old session data once the popup has reloaded, despite having shown the correct data the first time around. No matter how you manipulate the headers, the sessions still break when you open them in multiple windows. I have verified this behavior in both IE 6 and in Mozilla Firebird. I have also seen a bug report on the official PHP site denying that this is a bug, despite other users using packet sniffers to verify that the wrong info is being returned, despite the correct info being sent in the correct order. This is a massive bug that definitely exists and I would love for someone else to confirm it here so that I can submit an official bug report to PHP.net.

To work around this problem, I modified my application so that the popup window does not reload its session data after the main application manipulates and reloads its own session, and it solved my problem.

In summary. You cannot open a popup window, then manipulate your sessions in the main window, then reload your popup window without corrupting your session. At first glance, it seems to work right, but once you start testing, you realize that it doesn't work. Sometimes all the old data is kept intact...sometimes not. This is not a bug in my code, I've rewritten it like 5 different ways and get variations on the aformentioned behavior no matter what output buffering or session_cache_limiter settings I use. Occasionally, it will work fine once or twice, but invariably, it stops working and pages simply stop loading correctly. Since the PHP developers say this is not a bug, I assume it exists in all versions of PHP, though I'm using version 4.2.3.

stolzyboy

you do realize that PHP 4.3.3 is the newest stable version, right, there were many addressed bugs in PHP 4.2.x, that is why they quickly came out with 4.3.x

minorgod

Yes I'm aware of that fact. I've looked at the bug list and noticed that another user submitted this bug, but the PHP developer's response was that it was not possible that PHP was the problem. Therefore, I assume it has not been addressed by the PHP team. I have no way to force my ISP to upgrade at any rate, so even if it has been addressed, I would like to know if a workaround exists.