ID: 29920 User updated by: mbarskey at seattletech dot com Reported By: mbarskey at seattletech dot com Status: Open Bug Type: Session related Operating System: Red Hat Linux release 7.3 PHP Version: 4.3.8 New Comment:
I learned that it is not every instance of Safari that causes PHp to create a null session_id! I am using Safari 1.2.3 v125.9 under OS X 10.3.5 build 7M34 and I get sessions with null session_ids. A version of Safari 1.2.2 v125.8 under OS 10.3.4 seems to have PHP create sessions with a valid session_ids! This sure looks like there is something specific about the one computer/environment causing the problem, but it still looks to me like it is PHP that is actually having the problem: Something about this one client environment is telling the PHP engine on the server to create a null session_id. No? - Mike Previous Comments: ------------------------------------------------------------------------ [2004-09-01 18:27:46] mbarskey at seattletech dot com I forgot to mention: I tried having Safari "disguise" itself by sending other browsers' ID's in the header, but it didn't help. - Mike ------------------------------------------------------------------------ [2004-09-01 16:53:26] mbarskey at seattletech dot com I'm not sure it's a PHP bug. But since PHP creates the session files and the session_id (web browsers don't), I thought the problem of certain sessions not getting a session_id was PHP's fault - even though it only seems to happen for one browser. - Mike ------------------------------------------------------------------------ [2004-09-01 09:46:46] [EMAIL PROTECTED] If safari is the only browser that borks, why do you think it's a bug in PHP? ------------------------------------------------------------------------ [2004-08-31 18:26:04] mbarskey at seattletech dot com Description: ------------ PHP 4.3.8 under Linux Red Hat 7.3, Apache 1.3.31 session_id() returns a null or empty string when hit from the Safari browser under Mac OS X. The extremely simple sample code below works as expected from Netscape (7.2 OS X or 7.1 Win2K) and IE (5.2.3 OS X or 6.0.2800.1106 Win2K), but it creates a session without a session_id when hit from Safari for OS X. All Apache and PHP configurations are identical when hit by working browsers and by Safari. The session gets created and seems to work fine, but there is no session_id. I'm concerned that if 2 different Safari users hit the page simultaneously, they would share the session file. I'm somewhat of a PHP novice, and I've never posted a PHP bug before (I figured people who knew what they were doing would find a bug before I did!), so please don't flame me for doing this incorrectly; instead, tell me how I can better help you (or where I an find a solution - I've searched!). I searched for a previous bug with this decription before posting, but didn't find any. Also, I'm on a shared server, so I cannot try a CVS version. My PHP installation info can be found at <a href='http://www.seattletech.com/phpinfo.php'>http://www.seattletech.com/phpinfo.php</a>. Just in case, here was the configure command: './configure' '--with-apxs=/usr/local/apache/bin/apxs' '--with-xml' '--enable-bcmath' '--enable-calendar' '--with-curl' '--enable-ftp' '--with-gd' '--with-jpeg-dir=/usr/local' '--with-png-dir=/usr' '--with-xpm-dir=/usr/X11R6' '--with-gettext' '--with-imap' '--with-imap-ssl' '--with-kerberos' '--with-mcrypt' '--enable-magic-quotes' '--with-mysql' '--enable-discard-path' '--with-pear' '--enable-xslt' '--with-xslt-sablot' '--enable-sockets' '--enable-track-vars' '--with-ttf' '--with-freetype-dir=/usr' '--enable-gd-native-ttf' '--enable-versioning' '--with-zlib' ...and here is the session info: Session Support enabled Registered save handlers files user Directive Local Value Master Value session.auto_start Off Off session.bug_compat_42 On On session.bug_compat_warn On On session.cache_expire 180 180 session.cache_limiter nocache nocache session.cookie_domain no value no value session.cookie_lifetime 0 0 session.cookie_path / / session.cookie_secure Off Off session.entropy_file no value no value session.entropy_length 0 0 session.gc_divisor 100 100 session.gc_maxlifetime 1440 1440 session.gc_probability 1 1 session.name PHPSESSID PHPSESSID session.referer_check no value no value session.save_handler files files session.save_path /tmp /tmp session.serialize_handler php php session.use_cookies On On session.use_only_cookies Off Off session.use_trans_sid On On ...and here is the .htaccess file I'm using: php_value session.save_handler 'user' php_value session.save_path 'php_sessions' php_value auto_prepend_file '/home/seattlet/public_html/registration/mysql_session_handler.php' php_value include_path ".:../" php_flag register_globals off php_flag session.use_trans_sid 1 php_flag log_errors 1 php_value error_log '/home/seattlet/public_html/registration/error_log.txt' php_flag cgi.rfc2616_headers 0 Thanks! - Mike Reproduce code: --------------- <?php session_start(); $_SESSION['id'] = session_id(); print("the session id is: ".$_SESSION['id']); ?> Expected result: ---------------- the session id is: bf76a978c98f980340bcfffe87987e22 Actual result: -------------- the session id is: ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=29920&edit=1