i had trouble with 2 concurrent scripts, a login form with a php generated captcha... the latter truncated the session (session file length 0) so the login always failed due token or captcha error... i thought that was a session blocking problem, but was not
<?php @session_start();
$_SESSION['token'] = $token = random_string();
session_write_close();
?><pseudo html>
<form>
<hidden $token/>
Name : <input name/>
Pass : <input pass/>
Captcha <img captcha.php/> : <input captcha/>
<submit/>
</form>
</html>
<?php $code = random_string();
if ( request_valid() )
{
@session_start();
$_SESSION['captcha|'.$HTTP_REFERER] = $code;
session_write_close();
}
$img = text_to_img($code);
send_img($img);
?>
i choose pipeline as separator in line $_SESSION['captcha|'.$HTTP_REFERER] = $code; because being forbidden in urls "<>[\]^`{|}space
but seems pipeline produced serialization errors on session file, so changing to another inocuous character (underscode in my case) solved the problem... try to avoid reserved serialization characters |:{}";
