ID: 30026 Updated by: [EMAIL PROTECTED] Reported By: p dot kruijsen at mssm dot nl -Status: Open +Status: Bogus Bug Type: Session related Operating System: Windows XP / Redhat Linux PHP Version: Irrelevant New Comment:
You are assuming a URL encode will send cookie information along with the request. That is not the case. You will have to do that yourself if that is what you want. See php.net/curl for everything you need to send a request which includes the session cookie. Previous Comments: ------------------------------------------------------------------------ [2004-09-08 14:58:38] p dot kruijsen at mssm dot nl Description: ------------ When include()ing a url through HTTP, $_SESSION variables in the requested page are lost. Opening the same url by hand does preserve the $_SESSION variables. Testcase: Bootstrap a session variable on server1. (OK) Test bootstrap by invoking script on server1. (OK) Invoke script on server2 that includes script on server1. ($_SESSION is lost) This behaviour occurs on various operating systems with various up to date versions of PHP. I suspect this to be some form of security guarantee built into PHP. However, I see no difference in security level between include()ing a file in a script and opening it by hand. Reproduce code: --------------- <?php // server1.com/bootstrap.php session_start(); $_SESSION['bootstrap'] = 'OK'; echo('OK'); ?> <?php // server1.com/test.php session_start(); $_SESSION['server1'] = 'OK'; echo('<pre>server1: $_SESSION = '); print_r($_SESSION); echo('</pre>'); ?> <?php // server2.com/test.php session_start(); include('http://server1.com/test.php'); $_SESSION['server2'] = 'OK'; echo('<pre>server2: $_SESSION = '); print_r($_SESSION); echo('</pre>'); ?> Expected result: ---------------- // invoke server1.com/bootstrap.php OK // invoke server1.com/test.php server1: $_SESSION = Array ( [bootstrap] => OK [server1] => OK ) // invoke server2.com/test.php server1: $_SESSION = Array ( [bootstrap] => OK [server1] => OK ) server2: $_SESSION = Array ( [server2] => OK ) Actual result: -------------- // invoke server2.com/test.php server1: $_SESSION = Array ( [server1] => OK ) server2: $_SESSION = Array ( [server2] => OK ) // Ths initial bootstrap variable is missing from $_SESSION on server1 ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=30026&edit=1