TYPO3 Core

I am not able to reproduce that. The "hash_" file is created as soon as I first hit the install tool, so there is always one there. Even when changing the password, it creates a new "session*" dir and a hash_* file inside.

Could you try to figure out how you could reproduce that and give more detailed steps?

The gc callback in session_set_save_handler() is called before the write callback. Thats the reason why sometimes no file exists at this point.

This is also mentioned in http://bugs.php.net/bug.php?id=35479

Ok, the problem is that glob() seems to be returning false in your case, while it returns an empty array for me in this situation, thus never entering in this warning situation.

What PHP version are you running and which OS?

php.net docs on "glob()" say:

"Returns an array containing the matched files/directories, an empty array if no file matched or FALSE on error."

and also "Note: On some systems it is impossible to distinguish between empty match and an error. "

So it might be easier to just make sure it is an array before continuing just to be safe. Please try attached patch (for trunk) to see if it fixes your problem.

Yep, patch fixed this.

The system is a std. debian lenny php package (php5-cgi/lenny uptodate 5.2.6.dfsg.1-1+lenny3) with suhosin, reverse proxy, open_basedir and eaccelerator.

Reading http://bugs.php.net/bug.php?id=47358 there seems to be a problem with return value of glob() in open_basedir environments. This is probably the root of all evil and your patch happily takes care of this. Thanks :)

Thanks. Pending in the core list

Commited to
- trunk rev. 6297 (beta3)
- 4.2 rev 6298 (4.2.11)
- 4.1 rev 6299 (4.1.14)