From: peter dot lerner at commerzbank dot com Operating system: Sol8 (Apache+PHP) & WinNT (IE6) PHP version: 4.3.4 PHP Bug Type: Session related Bug description: PHP in combination with IE6 unable to create valid session-id
Description: ------------ (see also bug #16408, i didn't know how to reopen it!) I'm running php4.3.4 on apache2 on a solaris8 box. Browser is Internet Explorer 6.0.2800.1106CO. When using IE6 as a browser the session info saved as a file in /tmp, uses a file named 'sess_null'. -rw------- 1 myuid mygid 1535549 Dec 10 12:57 sess_null When using e.g. Mozilla 1.5 everything is fine, and you find the normal file 'sess_<cryptic sessionid>. What does the sess_null file mean? IE6 in combination with PHP (sometimes?) is not able to generate a valid session-id. It means that *everybody* with an IE6 will *share* this session info from session "null". The problem is *very*critical* for us, because _every_ user who logs on with an IE6 gets user permissions from the sess_null. sess_null could be the admin's session. Vice versa it's also a problem if the first user to create a sess_null was not-privileged, and the subsequent admin logon is "castrated" to the non-privileged level. -- Edit bug report at http://bugs.php.net/?id=26583&edit=1 -- Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=26583&r=trysnapshot4 Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=26583&r=trysnapshot5 Fixed in CVS: http://bugs.php.net/fix.php?id=26583&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=26583&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=26583&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=26583&r=needscript Try newer version: http://bugs.php.net/fix.php?id=26583&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=26583&r=support Expected behavior: http://bugs.php.net/fix.php?id=26583&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=26583&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=26583&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=26583&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=26583&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=26583&r=dst IIS Stability: http://bugs.php.net/fix.php?id=26583&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=26583&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=26583&r=float