Greetings,

I think there are a still a few people lurking here and I'm sure there 
are still people using phplib.

I haven't run into any problems running phplib-based applications with 
the old sessioning under Apache 2.  I have a couple of systems that are 
under fairly heavy use and have seen no incidents of session data 
getting switched as you describe.  However, I will look for it more 
closely, now.

As for switching to php4 session support: that didn't work out for me. 
As I posted to this list back in February, there seems to be a bug in 
the phplib php4 session code that generates a warning.  I don't think 
that is necessarily a show stopper but, it's not ideal.

I was going to have a look and see if I could find the problem but, I 
started running in to some other erratic behavior with one of my apps 
that was cured immediately by going back to the original sessioning code.

There was some discussion here sometime back that concluded that it 
probably doesn't make much difference which sessioning one uses and that 
the old sessioning code might even be more efficient.  So, I really 
haven't pursued stomping the bug.

Andrew Crawford

Fabrizio Ermini wrote:
>  Hi!
>  
>  Is there still someone around here? :-)
>  
>  After all these years I continue to use my dear library (with pre-php4
>  session). Until lately I didin't have any problem.
>  But I've a couple installation made under apache 2.0 (that's starting to be
>  the default on many recent distros) that give me serious trouble:
>  it appears that erratically it happens some sort of "server side session
>  hijacking": a user logs in and "inherits" session data of a DIFFERENT user
>  that it's logged at the same time. This is quite rare, but not so much to
>  be explained with an MD5 collision!
>  The subject of this post refers to Apache 2 because that is the fact that
>  those two installations have in common. I've never seen something like this
>  in a apache 1.3.x installation.
>  
>  Is there anybody that can share come thought on this? Should I upgrade to
>  session4? Downgrading Apache version seem quite difficult to do.
>  
>  Thanks for any input.
>  Bye!
>  
>  Fabrizio Ermini
>  
>  
>  
>  
>  
>  
>  -------------------------------------------------------
>  SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
>  from IBM. Find simple to follow Roadmaps, straightforward articles,
>  informative Webcasts and more! Get everything you need to get up to
>  speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
>  _______________________________________________
>  Phplib-users mailing list
>  Phplib-users@[...].net
>  https://lists.sourceforge.net/lists/listinfo/phplib-users
>  


-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
_______________________________________________
Phplib-users mailing list
Phplib-users@[...].net
https://lists.sourceforge.net/lists/listinfo/phplib-users