Author Topic: Session-Methods are not thread safe  (Read 2781 times)

Offline micha

  • Newbie
  • *
  • Posts: 2
Session-Methods are not thread safe
« on: November 12, 2007, 06:08:02 AM »
Hi.

I discovered a problem with the login, where after some logins and logouts, every new Login-Attempt kicked me back to the login screen. Without any mention of a problem in the logs.

After some debugging, I found the error. The problem is, that the sess_read and sess_write methods that are used during logout and also used by the periodical mail checking process, are not synchronized.

The events occur in the following order:
1. Logout calls sess_read
2. Periodical Mail Check calls sess_read
3. Logout calls sess_write (with $vars (temp|b:1))
4. Periodical Mail Check calls sess_write ($vars without temp)

Next login, session_start reads in the session parameters and index.php checks if $_SESSION['temp'] is true and fails.

The only way to solve the problem is to restart the browser (in-memory session cookies in IE) or delete the cookies in Firefox.

I also searched the forum and found some posts, where I think that they are very similar to this problem. Maybe this solution applies also to them.

Micha