#42750 [Opn]: if session_name contains a dot, a new session is started every request

Tue, 25 Sep 2007 05:08:56 -0700 

 ID:               42750
 User updated by:  dominik dot dorn at gmail dot com
 Reported By:      dominik dot dorn at gmail dot com
 Status:           Open
 Bug Type:         Session related
 Operating System: Gentoo Linux
 PHP Version:      5.2.4
 New Comment:

well then it should not even set the cookie with the dot in it,
shouldn't it? 

Could it be, that the "only alphanumeric" thing is a relict from the
register_globals=on time? 

Even if the manual says, the session_id should only contain
alphanumeric characters, it does not say that it has to. 

I think there is a just a simple bug in the method, which reads the
session cookie back in, because setting the cookie works. 

thanks for your help


Previous Comments:
------------------------------------------------------------------------

[2007-09-25 09:58:55] [EMAIL PROTECTED]

>From the manual: "It should contain only alphanumeric characters".
This propably should have some sort of check for invalid chars used in
the name.

------------------------------------------------------------------------

[2007-09-25 09:16:47] [EMAIL PROTECTED]

It's propably the fact that PHP changes dots in incoming data into _
but I need to investigate a bit.

------------------------------------------------------------------------

[2007-09-24 22:28:48] dominik dot dorn at gmail dot com

Description:
------------
i was trying to fool a little around and tried to set the
session_name to "MYSITE.NET_SessionID'.

PHP sets a cookie with the name ASP.NET_SessionID
but seems not to read it at the next page request.



Reproduce code:
---------------
I tried this with the session_name("ASP.NET_SessionID"); function
and with setting it thru php.ini
session.name = MYSITE.NET_SessionID

i even tried to surround the text with quotes in php.ini like
session.name = "MYSITE.NET_SessionID"
or
session.name = 'MYSITE.NET_SessionID"

Expected result:
----------------
php reads the session id from the cookie names "MYSITE.NET_SessionID'
and then reads the sessiondata with the specified sessionhash





------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=42750&edit=1

Reply via email to