#48565 [Opn->Fbk]: Transparent session ID occasionally not added

Wed, 24 Jun 2009 04:22:43 -0700 

 ID:               48565
 Updated by:       [email protected]
 Reported By:      bill at rubgrp dot com
-Status:           Open
+Status:           Feedback
 Bug Type:         Session related
 Operating System: Linux (Fedora 11)
 PHP Version:      5.2.9
 New Comment:

Please try using this CVS snapshot:

  http://snaps.php.net/php5.3-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/




Previous Comments:
------------------------------------------------------------------------

[2009-06-15 22:45:57] bill at rubgrp dot com

Description:
------------
Sometimes when adding a session ID to a URL, it is not added after
existing parameters, but rather iafter the closing quote for the URL. 
For example, an anchor tag of '<a href="xyzzy.php?arg=y">' would be
rewritten as '<a href="xyzzy.php?arg=y"?PHPSESSID=123...>' instead of
'<a href="xyzzy.php?arg=y&PHPSESSID=123...">'.

This appears to be similar to the issue reported in bug #3411.  It
appears to be buffer related, since adding or subtracting a few
characters from earlier in the page can introduce or eliminate the
error.  As mentioned in #3411, turning on output buffering eliminates
the problem.

This seemed to work correctly through 5.2.5, but has not worked since
5.2.6.


Reproduce code:
---------------
Since it appears to be dependent on the number of bytes in the buffer,
it can't be reproduced in 20 lines.  Here is a link to a page that
generated the examples:

http://www.rubgrp.com/~bill/sample.php


Expected result:
----------------
<a
href="custmain.php?srch=000006&PHPSESSID=ho7ev8p2bmc16rotaih4duat82">000006</a>
...snip...
<a
href="custmain.php?srch=000007&PHPSESSID=ho7ev8p2bmc16rotaih4duat82>000007</a>
..snip...
<a
href="custmain.php?srch=000008&PHPSESSID=ho7ev8p2bmc16rotaih4duat82">000008</a></td>

Actual result:
--------------
<a
href="custmain.php?srch=000006&PHPSESSID=ho7ev8p2bmc16rotaih4duat82">000006</a>
...snip...
<a
href="custmain.php?srch=000007"?PHPSESSID=ho7ev8p2bmc16rotaih4duat82>000007</a>
..snip...
<a
href="custmain.php?srch=000008&PHPSESSID=ho7ev8p2bmc16rotaih4duat82">000008</a></td>

(The first and third are correct; in the second line the session ID is
added after the closing quote on the href value.)


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=48565&edit=1

Reply via email to