PHP5 $_SESSION problem

4.3.6 patch:

diff -ru /usr/local/src/drupal-4.6.3/includes/session.inc includes/session.inc
--- /usr/local/src/drupal-4.6.3/includes/session.inc 2005-08-10 21:43:03.000000000 +0100
+++ includes/session.inc 2005-10-12 19:19:20.756771760 +0100
@@ -8,6 +8,7 @@

session_set_save_handler("sess_open", "sess_close", "sess_read", "sess_write", "sess_destroy", "sess_gc");
session_start();
+$user->session =& $_SESSION;

/*** Session functions *****************************************************/

Paul Gregg, aka Qube (but not here)

If this solves the repeating bug, you can tell me:

Why could drupal_set_message() add (set) something to the session (1), but drupal_get_messages() not empty (2) it?

(1) $_SESSION['messages'][$type][] = $message
(2) $_SESSION['messages'] = array()

I too would like to understand what's happening. It's a hariy solution and I'm not fond of these unless I fully understand what's going wrong.

Bump

i don't see a patch there. also, please don't bump issues. if you must, contact developers privately about issues which you feel need more attention.

also, we just submitted a session.inc rewrite which might change this anyway. is in 'ready for review' queue at the moment.

To make sure session variables are written when redirections occur (as it happens when Drupal forms are submitted), try calling session_write_close() just before header('Location: ...') in function drupal_goto().

To unset a session variable when register_globals is ON, you may need to explicitly unset the global itself. Also, I believe the proper way to unregister a global variable from within a function is through the $GLOBALS array, so:

unset($_SESSION['foo'], $GLOBALS['foo']);

On an aside... here's a funny experiment:
1) Goto admin/settings
2) Press the 'Save Configuration' button and, after a few milliseconds, hit the Escape key to abort the request.
3) Press the 'Save Configuration' button again.
You'll see the "The configuration options have been saved." duplicated.

This is because, drupal_set_message() was called before you hit the Escape key (the message was stored in session variables and those were written to db), but drupal_get_messages() was not called yet.

The second time you sent the form, drupal_set_message() is called again, hence the same exact message is appended to the $_SESSION array, then a redirection takes place and then drupal_get_messages() is called, getting both messages.

This could be prevented if drupal_set_message was checking for dups. ie. instead of:

$_SESSION['messages'][$type][] = $message;

it could do:

if (!in_array($message, $_SESSION['messages'][$type])) {
  $_SESSION['messages'][$type][] = $message;
}

how was this fixed in drupal 4.7??

This should be fixed on HEAD by now! At least the code had significant changes...

Moving out of the "x.y.z" queue to a real queue.

Also marking it "To be ported" so that someone more knowledgeable can determine if this is still needed/relevant.

no patch attached.

I'm having this issue with Drupal 5.1 on Windows with Apache 2 -- is it really fixed?

For anyone using 5.1, the lines of code in the patch can be found in bootstrap.inc

I've PHP5 Apache 2 and drupal 5.8 and still this problem.

patch is still not include ??

Thanks in advance
++

@moksa: I guess the issue you may face is really different than this old one, please open a new issue and give as much detail as possible about your problem.

It's done.