Circling back on this one.
Since a session is not
normally created for spiders (under the control of
Configuration->Sessions->Prevent Spider Sessions), if a store's SQL mode is set for
STRICT_TRANS_TABLES, then the $val passed into the _sess_write function (present in /includes/functions/sessions.php) is going to be null when a spider's session has ended.
Examining the database class'
bindVars method, using a
string bindType can result in a
null value being returned, which is a "bad thing" in this case, since the `value` field can't be null per the
sessions database-table's configuration.
Code:
function _sess_write($key, $val) {
global $db;
if (!is_object($db)) return;
$val = base64_encode($val);
global $SESS_LIFE;
$expiry = time() + $SESS_LIFE;
$sql = "insert into " . TABLE_SESSIONS . " (sesskey, expiry, `value`)
values (:zkey, :zexpiry, :zvalue)
ON DUPLICATE KEY UPDATE `value`=:zvalue, expiry=:zexpiry";
$sql = $db->bindVars($sql, ':zkey', $key, 'string');
$sql = $db->bindVars($sql, ':zexpiry', $expiry, 'integer');
$sql = $db->bindVars($sql, ':zvalue', $val, 'string');
$result = $db->Execute($sql);
return (!empty($result) && !empty($result->resource));
}
I suggest changing that function to use the
stringIgnoreNull type instead, since that bindType will always result in a quoted string:
Code:
function _sess_write($key, $val) {
global $db;
if (!is_object($db)) return;
$val = base64_encode($val);
global $SESS_LIFE;
$expiry = time() + $SESS_LIFE;
$sql = "insert into " . TABLE_SESSIONS . " (sesskey, expiry, `value`)
values (:zkey, :zexpiry, :zvalue)
ON DUPLICATE KEY UPDATE `value`=:zvalue, expiry=:zexpiry";
$sql = $db->bindVars($sql, ':zkey', $key, 'string');
$sql = $db->bindVars($sql, ':zexpiry', $expiry, 'integer');
$sql = $db->bindVars($sql, ':zvalue', $val, 'stringIgnoreNull');
$result = $db->Execute($sql);
return (!empty($result) && !empty($result->resource));
}