PDOSessionHandler stream usage in 2.6 introduces PHP Bug #40913 #12834

Closed
brianfreytag opened this issue Dec 3, 2014 · 5 comments

@brianfreytag
Contributor

There is a PHP bug that was submitted in 2007 that still applies today.

https://bugs.php.net/bug.php?id=40913

In commit 1bc6680, the Session data column was updated to a PDO::PARAM_LOB from a base64 encoded PDO::PARAM_STR.

This now introduces the PHP Bug 40913 linked above. Instead of returning a Resource, it returns a string. This makes it impossible to load the sessions correctly.

Since it is returning $session[0][0] as a string instead of a resource, is_resource($session[0][0]) returns false, and then it returns a string, and then PHP doesn't know what to do with it, so authentication breaks.

@brianfreytag
Contributor Author

I'd also like to note that this issue also breaks backwards compatibility along with #12833

@Tobion
Member

Tobion commented Dec 4, 2014

@brianfreytag what pdo driver are you using? And why does the string returned not work? Is it malformed? Because a string with the session data is exactly what we want at the end.

@brianfreytag
Contributor Author

We are using ODBC.

The problem is that the session data is being stored as a VARBINARY. It's returning that VARBINARY as a string. When PHP tries to match it up in the database, it's using a string and trying to match it up with a VARBINARY. That won't work. It's trying to use a string like stream data.

Please read through the PHP bug report. It's pretty widely known and they go into much greater detail.

Regardless, we reverted back to 2.5.8 until all of these BC breaking files have been reverted.

@Tobion
Member

Tobion commented Mar 17, 2015

@brianfreytag I think you mixed two different things here. The data is saved in a BLOB.
I guess you are talking about the ID which might be saved in a VARBINARY. See https://github.com/symfony/symfony/blob/2.7/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/PdoSessionHandler.php#L221

That the data is a string instead of a resource should not be a problem. But the problem is probably that ODBC behaves differently from pdo_mysql that I tested it with when dealing with VARBINARY.
Can you please test if changing the ID column to VARCHAR(128) solves the problem?

@fabpot
Member

fabpot commented Oct 5, 2015

Closing as there is no feedback from the reporter.

@fabpot fabpot closed this as completed Oct 5, 2015
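
As an added illustration of the string-versus-resource behaviour discussed in this thread (not code from Symfony or from any participant), the sketch below reads a `PDO::PARAM_LOB` column and accepts either a stream resource or a plain string from the driver. The `sessions` table, its column names, the function names and the sample payload are assumptions made for the example.

```php
<?php
// Added example, not Symfony's code. Table, column and function names are assumptions.

// Normalize a value fetched from a LOB column: some PDO drivers hand back a
// stream resource, others (see PHP bug #40913) hand back a plain string.
function lobToString($value): string
{
    if (is_resource($value)) {
        $contents = stream_get_contents($value);
        if ($contents === false) {
            throw new RuntimeException('Could not read session LOB stream');
        }
        return $contents;
    }
    return (string) $value; // NULL becomes an empty session payload
}

function readSession(PDO $pdo, string $id): string
{
    $stmt = $pdo->prepare('SELECT sess_data FROM sessions WHERE sess_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_STR);
    $stmt->execute();
    $stmt->bindColumn(1, $data, PDO::PARAM_LOB);
    if ($stmt->fetch(PDO::FETCH_BOUND) === false) {
        return ''; // unknown session id
    }
    return lobToString($data);
}

// Constructed demo data on an in-memory SQLite database (requires pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE sessions (sess_id VARCHAR(128) PRIMARY KEY, sess_data BLOB)');
$payload = 'user|s:5:"alice";';
$ins = $pdo->prepare('INSERT INTO sessions (sess_id, sess_data) VALUES (:id, :data)');
$ins->bindValue(':id', 'abc123', PDO::PARAM_STR);
$ins->bindValue(':data', $payload, PDO::PARAM_LOB);
$ins->execute();

// Database path: whatever type the driver returns, the caller gets a string.
var_dump(readSession($pdo, 'abc123') === $payload);

// Stream path, simulated with an in-memory stream holding the same payload.
$stream = fopen('php://memory', 'r+');
fwrite($stream, $payload);
rewind($stream);
var_dump(lobToString($stream) === $payload);
```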