Strict session. Detect session id collision

2 files changed, 28 insertions, 2 deletions

diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c
index e9dc25a4b8..6beee097b2 100644
--- a/ext/session/mod_files.c
+++ b/ext/session/mod_files.c
@@ -459,9 +459,22 @@ PS_GC_FUNC(files)
 PS_CREATE_SID_FUNC(files)
 {
 	char *sid;
+	int maxfail = 3;
 	PS_FILES_DATA;
 
-	sid = php_session_create_id((void **)&data, newlen TSRMLS_CC);
+	do {
+		sid = php_session_create_id((void **)&data, newlen TSRMLS_CC);
+		/* Check collision */
+		if (ps_files_key_exists(data, sid TSRMLS_CC) == SUCCESS) {
+			if (sid) {
+				efree(sid);
+				sid = NULL;
+			}
+			if (!(maxfail--)) {
+				return NULL;
+			}
+		}
+	} while(!sid);
 
 	return sid;
 }
diff --git a/ext/session/mod_mm.c b/ext/session/mod_mm.c
index 7ca90833a6..69c0da7bdb 100644
--- a/ext/session/mod_mm.c
+++ b/ext/session/mod_mm.c
@@ -479,9 +479,22 @@ PS_GC_FUNC(mm)
 PS_CREATE_SID_FUNC(mm)
 {
 	char *sid;
+	int maxfail = 3;
 	PS_MM_DATA;
 
-	sid = php_session_create_id((void **)&data, newlen TSRMLS_CC);
+	do {
+		sid = php_session_create_id((void **)&data, newlen TSRMLS_CC);
+		/* Check collision */
+		if (ps_mm_key_exists(data, sid TSRMLS_CC) == SUCCESS) {
+			if (sid) {
+				efree(sid);
+				sid = NULL;
+			}
+			if (!(maxfail--)) {
+				return NULL;
+			}
+		}
+	} while(!sid);
 
 	return sid;
 }