Issues

ZF-10161: Checking the namespace metadata for expired ones, can produce notice about undefined index.

Issue Type: Bug Created: 2010-07-15T03:54:17.000+0000 Last Updated: 2010-07-16T13:22:31.000+0000 Status: Resolved Fix version(s): - 1.10.7 (28/Jul/10)

Reporter: Vova Yatsyuk (vova.yatsyuk@gmail.com) Assignee: Ralph Schindler (ralph) Tags: - Zend_Session

Related issues: Attachments:

Description

If we have namespace with expirationSeconds setted to 1, and expirationHops to 100, the notice will be produced by _processStartupMetadataGlobal method at Zend/Session.php on line 536. (Expiration values can be more realistic, but I took them for the faster problem detection.)

See the code below:

foreach ($_SESSION['__ZF'] as $namespace => $namespace_metadata) {

// Expire Namespace by Time (ENT)
if (isset($namespace_metadata['ENT']) && ($namespace_metadata['ENT'] > 0) && (time() > $namespace_metadata['ENT']) ) {
    unset($_SESSION[$namespace]);
    unset($_SESSION['__ZF'][$namespace]);
}

// Expire Namespace by Global Hop (ENGH)
if (isset($namespace_metadata['ENGH']) && $namespace_metadata['ENGH'] >= 1) {
    $_SESSION['__ZF'][$namespace]['ENGH']--;

    if ($_SESSION['__ZF'][$namespace]['ENGH'] === 0) {
        if (isset($_SESSION[$namespace])) {
            parent::$_expiringData[$namespace] = $_SESSION[$namespace];
            unset($_SESSION[$namespace]);
        }
        unset($_SESSION['__ZF'][$namespace]);
    }
}

In the '// Expire Namespace by Time (ENT)' namespace can be unsetted from the $_SESSION, but $namespace_metadata is left without changes. So the second block '// Expire Namespace by Global Hop (ENGH)' will try to execute same logic as in previous, but the Notice will be generated on the line: $_SESSION['__ZF'][$namespace]['ENGH']--; because $_SESSION variable has no longer the $namespace key.

Comments

Posted by Ralph Schindler (ralph) on 2010-07-16T13:22:31.000+0000

Fixed in r22587 in trunk and r22588 in release branch 1.10

Have you found an issue?

See the Overview section for more details.

Copyright

© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.

Contacts