6.0.0-beta6
▾
Tasks
New Task
Search
Photos
Wiki
▾
Tickets
New Ticket
Search
dev.horde.org
Toggle Alerts Log
Help
3/29/26
H
istory
A
ttachments
C
omment
W
atch
Download
Comment on [#1580] Horde SessionHandler drivers do not serialize session access
*
Your Email Address
*
Spam protection
Enter the letters below:
.___..___.__ .__. __ _/ [__ | \| |/ ` ./__.| |__/|__\\__.
Comment
> None of the Horde Framework SessionHandler drivers address session > serialization. This is problematic because many Horde application > PHP scripts (e.g., imp/mailbox.php) generate output that includes > Javascript code that results in multiple reconnects from the browser > (to retrieve CSS files, Javascript code libraries, etc). If the > original PHP script hasn't written its session state before these > subsequent accesses occur, the session state is corrupted, due to the > lack of serialized access. This can be visualized as two interleaved > threads of execution--B starting subsequent to A, and each accessing > the same session state (x): > > > > A(t0)-->session_read(x)-->session_write(x) > > B(t0+delta)-->session_read(x)-->session_write(x) > > > > In this scenario, the PHP script represented by thread A believes > that it has committed its session state, which it has, but which is > subsequently overwritten by the (earlier) session state contained in > thread B. Therefore, the output generated by A is no longer > consistent with the session cache--resulting in "message not found" > errors, and other oddities. Proper serialization of session access > in the SessionHandler drivers would alleviate this condition. > >
Attachment
Watch this ticket
N
ew Ticket
M
y Tickets
S
earch
Q
uery Builder
R
eports
Saved Queries
Open Bugs
Bugs waiting for Feedback
Open Bugs in Releases
Open Enhancements
Enhancements waiting for Feedback
Bugs with Patches
Enhancements with Patches
Release Showstoppers
Stalled Tickets
New Tickets
Horde 5 Showstoppers