ID: 25934 Updated by: [EMAIL PROTECTED] Reported By: php at webfreezer dot com -Status: Closed +Status: Bogus Bug Type: Session related Operating System: SuSe Linux 8.1 PHP Version: 4.3.4
Previous Comments: ------------------------------------------------------------------------ [2004-01-22 10:37:37] php at webfreezer dot com Never thought that I`d set one of my own bug reports to "Bogus" ;-) The problem was that I set "session.referer_check" to "0" via ini_set (to override any possible change in php.ini), because somehow I thought that this would deactivate the referer check and not knowing that this would mark the given sessionID as invalid if the string "0" is not contained in the referring URL. Sorry! :-) ------------------------------------------------------------------------ [2003-11-17 18:15:42] [EMAIL PROTECTED] No feedback was provided. The bug is being suspended because we assume that you are no longer experiencing the problem. If this is not the case and you are able to provide the information that was requested earlier, please do so and change the status of the bug back to "Open". Thank you. ------------------------------------------------------------------------ [2003-11-05 11:32:59] [EMAIL PROTECTED] Provide a complete example script. And FYI: for security reasons you really should use only cookies for passing the session ID around.. ------------------------------------------------------------------------ [2003-11-05 03:00:31] php at webfreezer dot com This still happens in Version 4.3.4 which is now installed on the live system. What I do: - ini_set(session settings...) - session_start() - accessing the session values via $_SESSION - I donīt use sesson_register() and session_unregister() - Post a form via GET -> error occurs? -> redirect via header() with attached SID -> display page -> PHP ignores given sessionID - URL e.g. error.php?e=noresults_city&qid=1&sessionID=92f9dcf7a0d89eaa2b0bc8f2e4dfd460&token=d03d28781b196bd362b9aeb7844e8e85 - session_id() however is different from "$_GET[session_name()]" then - The error occurs everytime a new session is used (e.g. accessing the website and submitting the form for the first time int the session) I found at least a workaround for that: // Auto-Reset to correct session data $sn=session_name(); if($_GET[$sn] != session_id()) { $sessionSavePath=ini_get("session.save_path"); $oldSessionContent=file_get_contents($sessionSavePath."/sess_".$_GET[$sn]); session_decode($oldSessionContent); } If the error occurs it is now fixed on-the-fly. This works _everytime_ when the error occurs. As I said before the session file exists, it is readable and can be accessed without any problems, so itīs no wonder this workaround works. ------------------------------------------------------------------------ [2003-10-21 08:37:47] php at webfreezer dot com Description: ------------ PHP sometimes does not want to use the sessionID given via GET! This happens only on some occasions however it is reproducible on such a certain page. I regret that I cannot post a short code snippet because it simply does not happen when testing with a short code snippet. What happens is the following: - the SID is used as a GET parameter (this works on every other page!) - $sidname=session_name(); echo $_GET[$sidname] outputs the correct SID visible in the URL (e.g. "/search.php?page=2&qid=1&sessionID=1291bfd78301f151803ca632cd41f626") - however echo session_id() outputs a totally different SID! - both (old and new) SID files exist and are readable session.auto_start=0 session.use_cookies=0 session.use_only_cookies=0 session.referer_check=0 I even implemented my own session handler and it appears that PHP does not even call the OPEN function for the "old" SID that it no longer wants to use. I also tried to use the generic PHPSESSID name instead of the custom "sessionID" by not setting the custom name, but the problem still exists. This is my configure line: './configure' '--with-apache=../apache_1.3.28' '--with-mhash=/usr/local/lib' '--with-zlib-dir=/usr/local/lib' '--with-zip=/usr/local/lib' '--enable-memory-limit' '--enable-versioning' '--with-gd' '--enable-exif' '--with-config-file-path=/etc' '--enable-magic-quotes' '--enable-thread-safety' '--with-gettext' '--with-xml' '--with-mcrypt' '--enable-calendar' '--enable-bcmath' '--with-curl' '--with-curlwrappers' '--enable-ftp' '--enable-wddx' '--with-jpeg-dir=/usr/lib' ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=25934&edit=1