Edit report at https://bugs.php.net/bug.php?id=52018&edit=1
ID: 52018 Updated by: php-bugs@lists.php.net Reported by: nospam at nospam dot homelinux dot org Summary: Probable cookie problem with 5.3.2 -Status: Feedback +Status: No Feedback Type: Bug Package: HTTP related Operating System: Linux Debian 5.0.4 PHP Version: 5.3.2 New Comment: No feedback was provided. The bug is being suspended because we assume that you are no longer experiencing the problem. If this is not the case and you are able to provide the information that was requested earlier, please do so and change the status of the bug back to "Open". Thank you. Previous Comments: ------------------------------------------------------------------------ [2010-08-16 04:57:12] ka...@php.net Does it happen with 5.3.3? Which SAPI are you using? And do you have an example of the HTTP requests/responses where you clearly can see there is cookies and $_COOKIE still is empty? ------------------------------------------------------------------------ [2010-06-14 00:31:57] dklanac at gmail dot com Correction. My local PHP version whose cookies work properly is 5.3.1. ------------------------------------------------------------------------ [2010-06-08 13:05:33] nospam at nospam dot homelinux dot org Isolating the phpBB "automatic logon" feature would likely be a long and complex task, as I haven't deeply studied its code. I already opened a topic on the phpBB forum about 10 days ago, I just added an update to it. http://www.phpbb.com/community/viewtopic.php?t=2092537 Gingko ------------------------------------------------------------------------ [2010-06-08 07:54:26] phi...@php.net Maybe you can reproduce by isolating the phpBB "automatic logon" feature? Do the phpBB people have any ideas? I suspect they'd do a more efficient job finding this bug. ------------------------------------------------------------------------ [2010-06-07 21:47:59] nospam at nospam dot homelinux dot org Description: ------------ There seems to be a problem with PHP 5.3.2: cookies are not working properly in some cases, for example when running PhpBB 3.0.5 (and probably other versions also). The reason **seems** to be that the $_COOKIE super global variable is not always populated with received cookies, and the most visible effect is that the users of my phpBB forum are not able to use the âautomatic logonâ feature of phpBB. However, a simple test case with the setcookie function works properly, so I donât know exactly what kind of cookie can trigger the bug. Downgrading to phpBB 5.2.13 or lower effectively fix the problem. I made multiple tries, using either 5.2.6, 5.2.13 or 5.3.2, either compiled by myself or installed from Debian packages, with or without the Debian security patches, while keeping the same php.ini configuration in all cases, and the result was always the same: - with 5.2.6 or 5.2.13, cookies are handled properly, and phpBB users can use the phpBB's automatic âautomatic logonâ feature. - with 5.3.2, cookies seem to be blocked, $_COOKIE is not populated (except maybe by as many empty strings as the number of expected cookies). The server also uses Apache 2.2.9 and MySQL 5.1.46, and I tried on two different Debian 5.0.4 configurations, one as 32 bits at my home and one as 64 bits in a datacenter. I used Wireshark for network sniffing, so I can tell that cookies are truely present in HTTP headers. I tracked the $_COOKIE variable by adding a "error_log(print_r($_COOKIE, true))" instruction near the beginning of the phpBB common code. Test script: --------------- I'm sorry, I don't know how to make a short test script showing the problem. I tried a short test with setcookie but it worked properly, even with 5.3.2. I suppose that there are some combined interactions within phpBB triggering this problem when they happen altogether. The only procedure that I can suggest is the following: - Install a phpBB server (download from http://www.php.net/) with the default configuration. - Create a user account with any name. - Try to login on this account. Don't forget to check the "Log me on automatically each visit" option when login. - Browse a little inside the forum, check that the connexion is kept by session ID. - Quit your browser, closing all of its Windows. - Reopen the browser, and open again the phpBB forum. Use the root address of the forum, without the session ID parameter. Expected result: ---------------- When opening the forum homepage, login should be already made, kept from previous session. This is what happens with 5.2.6 or 5.2.13. Actual result: -------------- Forum open correctly, but previous login is completely forgotten. This is what happens with 5.3.2. ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=52018&edit=1
