By on

I recently went through a problem with two PHP scripts in what at first sight looked like a bug. Basically, I wanted a script a.php to update some $_SESSION values of another script b.php using the same session file. As I didn’t want to have a heavy dependance between both scripts, I ended up using CURL, and calling b.php from a.php:


if (($ch = curl_init("http://localhost/b.php"))) {
  foreach ($_COOKIE as $key => $value) {
     $cookie = $key . "=" . $value . "; path=/";
     curl_setopt($ch, CURLOPT_COOKIE, $cookie);

echo "My pokemon is " . $_SESSION['pokemon'] . "\n";




$_SESSION['pokemon'] = 'pikachu';

Both scripts are hosted under the same domain and on the same host so as to share session files. Guess what? It times out.

What actually happens is that the PHP process handling a.php waits for the process handling b.php to finish (through the CURL request). Both processes use the same session file, unfortunately, between a session_start() call and a session_destroy() call (implicitely made at the end of the execution of the script), the session file is locked, leading here to a nice deadlock.