
PHP is truncating the session files to zero after migrating the session files from server one (Debian lenny, PHP 5.2) to the new server (Debian squeeze, PHP 5.3).

I create a session on server one with createsession.php (see below) and can view the content of the session with dumpsession.php on the same server.

After copying the session files from server one to the other server and switching to server two by changing my local hosts file, I still have the same cookie with the correct session ID stored in the browser. The new server accesses the right session file, but instead of displaying the content of the session, the server truncates the session file to zero and starts a new session with the same session ID.

Is it possible to migrate the session files? Is the server IP somehow hashed into the session data?

Is session sharing between PHP 5.2 and PHP 5.3 possible?

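createsession.php

<?php
  // Start the named session and store a test value in it.
  session_name('mysession');
  session_start();
  var_dump(session_id());
  $_SESSION['foo'] = 'bar';
?>

dumpsession.php

<?php
  // Reopen the same named session and show what it contains.
  session_name('mysession');
  session_start();
  var_dump(session_id());
  var_dump($_SESSION);
?>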

php.ini session part

[Session]
session.save_handler = files
session.save_path = "3;/var/lib/php5"
session.use_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly = 
session.serialize_handler = php
session.gc_divisor     = 100
session.gc_maxlifetime = 5184000
session.bug_compat_42 = 1
session.bug_compat_warn = 1
session.referer_check =
session.entropy_length = 0
session.entropy_file =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.hash_function = 0
session.hash_bits_per_character = 4
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=,fieldset="

Edit: my solution was switching back to Debian lenny.

HopelessN00b
c33s

2 Answers


I'd be very surprised if it has changed (don't have access to check myself).

What happens if you copy the session file to /tmp then:

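// Read the copied file's contents (session_id() needs an active session; otherwise put the ID in by hand).
$s = file_get_contents('/tmp/sess_' . session_id());
// Skip the "name|" prefix that the default handler writes, then unserialize the value.
print_r(unserialize(substr($s, strpos($s, '|')+1)));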

I think it's slightly more likely that the session file format may have changed compared with a change to the format of serialize() - so just using your own session handler may resolve the problem.

Regardless - if you're running the website on multiple machines, you should try to keep the same config software on each one - it makes life a lot simpler.

symcbean
  • On both servers I get a false if I var_dump the return value. – c33s Mar 15 '11 at 12:07
  • (I did update the code above - the default handler adds more than just the serialized array - just unserializing the file isn't going to work) Tried comparing session files created on the 2 machines? Tried using a custom session handler? – symcbean Mar 15 '11 at 14:57
  • Thank you for your answer, but I switched back to lenny with the 2nd machine. The session files are simply not compatible and it was too much overhead to create a custom session handler. – c33s Apr 06 '11 at 08:34
  • Haven't tested it, but I accepted the answer because it sounds plausible to me (also if the other answers mention if I delete suhosin it also will work). – c33s Nov 28 '11 at 06:47

You can fix this by removing the php5-suhosin package.

aptitude remove --purge php5-suhosin

Apparently one of its new functions is to encrypt the session data, which was enabled when you upgraded from lenny to squeeze.

I just spent quite a long time working this out!
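
The comparison suggested in the first answer's comments (checking session files written on both machines), as an added example that is not part of the original posts: a Python check that reports whether a copied `sess_*` file is empty, plain `name|serialized-value` data as written by `session.serialize_handler = php`, or something else, such as a payload transformed by an extension as the second answer describes. The function names and sample payloads are constructed for illustration, and Python is used so the check does not depend on either server's PHP build.

```python
import re
import sys
# Pieces of PHP serialize() output, as stored by session.serialize_handler = php.
_SCALAR = re.compile(rb'(?:N|[ibd]:[^;{}"]+);')
_STRING = re.compile(rb's:(\d+):"')
_NESTED = re.compile(rb'(?:a|O:\d+:"[^"]*"):(\d+):\{')    # array or object
# Constructed samples (not real session data or real extension output).
SAMPLES = {"plain": b'foo|s:3:"bar";', "opaque": b"Vq3x-9ZpLm2_aTq8Rk0YwE", "truncated": b""}

def _value_end(buf, i):
    """Return the offset just past the serialized value starting at buf[i]."""
    if m := _SCALAR.match(buf, i):
        return m.end()
    if m := _STRING.match(buf, i):
        end = m.end() + int(m.group(1))           # declared length is in bytes
        if buf[end:end + 2] != b'";':
            raise ValueError("string length does not match payload")
        return end + 2
    if m := _NESTED.match(buf, i):
        j = m.end()
        for _ in range(2 * int(m.group(1))):      # each entry is key + value
            j = _value_end(buf, j)
        if buf[j:j + 1] != b"}":
            raise ValueError("unterminated array/object")
        return j + 1
    raise ValueError("unknown type tag at offset %d" % i)

def session_vars(buf):
    """Return the variable names of a plain name|value session payload."""
    names, i = [], 0
    while i < len(buf):
        bar = buf.index(b"|", i)                  # ValueError if no separator
        names.append(buf[i:bar].decode("utf-8", "replace"))
        i = _value_end(buf, bar + 1)
    return names

def classify(buf):
    """Return 'empty', 'plain: <names>' or 'opaque' for one session file."""
    if not buf:
        return "empty"
    try:
        return "plain: " + ", ".join(session_vars(buf))
    except (ValueError, RecursionError):
        return "opaque"

if __name__ == "__main__":                        # args: copies of sess_* files
    blobs = {p: open(p, "rb").read() for p in sys.argv[1:]} or SAMPLES
    for label, data in blobs.items():
        print(label, "->", classify(data))
```

Run it against copies of the same session taken from each server: a file that is "plain" on one host and "opaque" on the other points at the storage layer rather than at `serialize()` itself.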