From: [EMAIL PROTECTED]
Operating system: SunOS
PHP version: 4.1.2
PHP Bug Type: Session related
Bug description: Using session_destroy() after start of output can mangle output
When session_destroy() is used in a page that has a link which is
automatically modified to include the PHPSESSID, the output is mangled.
Here is the shortest example I could come up with that clearly
demonstrates what happens.
With everything I've tried so far session_destroy() is the only thing that
causes this bad behavior.
Here is the PHP source file:
<?php
session_start();
?>
<html>
<head>
</head>
<body>
<a href="/test-3.php">Finish test</a>
<?php
echo '-before';
session_destroy();
echo '=after';
?>
</body>
</html>
This is the output if my browser has cookies enabled:
<html>
<head>
</head>
<body>
<a href="/test-3.php">Finish test</a>
-before=after</body>
</html>
This is the output if my browser has cookies disabled:
<html>
<head>
</head>
<body>
<a href="/test-3.php?PHPSESSID=9e902efea2402095d2cba275b603816f">Finish
test</=after</body>
</html>
a>
-before
This happens even if the link is after the session_destroy() and no
PHPSESSID is automatically inserted.
Changing the source to this:
<?php
session_start();
?>
<html>
<head>
</head>
<body>
I'm done
<?php
echo '-before';
session_destroy();
echo '=after';
?>
<a href="/test-3.php">Finish test</a>
</body>
</html>
Results in this if cookies are disabled:
<html>
<head>
</head>
<body=after <a href="/test-3.php">Finish test</a>
</body>
</html>
>
I'm done
-before
It appears from all of my testing that I must have the session_destroy()
before anything is output to the browser. I think that this should be
documented and fixed.
Configuration is:
'./configure' '--with-apxs=/usr/local/apache/bin/apxs'
'--with-mysql=/usr/local/mysql' '--with-msql=/usr/local/Hughes'
'--enable-track-vars' '--enable-memory-limit' '--enable-sysvshm'
'--enable-trans-sid' '--with-gd=/usr/local' '--with-ttf=/usr/local'
'--with-jpeg-dir=/usr/local' '--with-zlib-dir=shared'
'--with-gdbm=/usr/local' '--with-db3=/usr/local/BerkeleyDB.3.1'
'--with-xml' '--enable-ftp'
--
Edit bug report at http://bugs.php.net/?id=16579&edit=1
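
Added example, not part of the bug report or of PHP's own code: a page that follows the ordering the reporter arrived at, tearing the session down before any output is produced. It is written for current PHP versions rather than 4.1.2, and the helper name end_session() is hypothetical.

```php
<?php
// Added example (not from the bug report): destroy the session before
// any byte of the page body is produced.

function end_session(): void
{
    // Best-effort guard: refuse to run once output has started, whether it
    // was already sent or is still sitting in an output buffer.
    if (headers_sent() || ob_get_length() > 0) {
        throw new RuntimeException('end_session() must run before any output');
    }

    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    $_SESSION = [];   // drop the session data held for this request

    // Expire the session cookie when cookies carry the session ID.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }

    session_destroy();   // remove the server-side session data
}

end_session();
?>
<html>
<head>
</head>
<body>
I'm done
<a href="/test-3.php">Finish test</a>
</body>
</html>
```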