ID: 26583 Updated by: [EMAIL PROTECTED] Reported By: peter dot lerner at commerzbank dot com -Status: Open +Status: Feedback Bug Type: Session related Operating System: Sol8 (Apache+PHP) & WinNT (IE6) PHP Version: 4.3.4 New Comment:
In bug #16408 there's solution posted. Can you verify whether this applies in your case (hostname of the server contains an underscore). Previous Comments: ------------------------------------------------------------------------ [2003-12-10 09:25:56] peter dot lerner at commerzbank dot com Description: ------------ (see also bug #16408, i didn't know how to reopen it!) I'm running php4.3.4 on apache2 on a solaris8 box. Browser is Internet Explorer 6.0.2800.1106CO. When using IE6 as a browser the session info saved as a file in /tmp, uses a file named 'sess_null'. -rw------- 1 myuid mygid 1535549 Dec 10 12:57 sess_null When using e.g. Mozilla 1.5 everything is fine, and you find the normal file 'sess_<cryptic sessionid>. What does the sess_null file mean? IE6 in combination with PHP (sometimes?) is not able to generate a valid session-id. It means that *everybody* with an IE6 will *share* this session info from session "null". The problem is *very*critical* for us, because _every_ user who logs on with an IE6 gets user permissions from the sess_null. sess_null could be the admin's session. Vice versa it's also a problem if the first user to create a sess_null was not-privileged, and the subsequent admin logon is "castrated" to the non-privileged level. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=26583&edit=1
