#30026 [Opn->Bgs]: Session variables lost with include through http

Wed, 08 Sep 2004 08:26:07 -0700 

 ID:               30026
 Updated by:       [EMAIL PROTECTED]
 Reported By:      p dot kruijsen at mssm dot nl
-Status:           Open
+Status:           Bogus
 Bug Type:         Session related
 Operating System: Windows XP / Redhat Linux
 PHP Version:      Irrelevant
 New Comment:

You are assuming a URL encode will send cookie information along with
the request.  That is not the case.  You will have to do that yourself
if that is what you want.  See php.net/curl for everything you need to
send a request which includes the session cookie.


Previous Comments:
------------------------------------------------------------------------

[2004-09-08 14:58:38] p dot kruijsen at mssm dot nl

Description:
------------
When include()ing a url through HTTP, $_SESSION variables in the
requested page are lost. Opening the same url by hand does preserve the
$_SESSION variables.

Testcase:
Bootstrap a session variable on server1. (OK)
Test bootstrap by invoking script on server1. (OK)
Invoke script on server2 that includes script on server1. ($_SESSION is
lost)

This behaviour occurs on various operating systems with various up to
date versions of PHP. I suspect this to be some form of security
guarantee built into PHP. However, I see no difference in security
level between include()ing a file in a script and opening it by hand.

Reproduce code:
---------------
<?php
// server1.com/bootstrap.php
session_start();
$_SESSION['bootstrap'] = 'OK';
echo('OK');
?>

<?php
// server1.com/test.php
session_start();
$_SESSION['server1'] = 'OK';
echo('<pre>server1: $_SESSION = ');
print_r($_SESSION);
echo('</pre>');
?>

<?php
// server2.com/test.php
session_start();
include('http://server1.com/test.php');
$_SESSION['server2'] = 'OK';
echo('<pre>server2: $_SESSION = ');
print_r($_SESSION);
echo('</pre>');
?>

Expected result:
----------------
// invoke server1.com/bootstrap.php
OK

// invoke server1.com/test.php
server1: $_SESSION = Array
(
    [bootstrap] => OK
    [server1] => OK
)

// invoke server2.com/test.php
server1: $_SESSION = Array
(
    [bootstrap] => OK
    [server1] => OK
)
server2: $_SESSION = Array
(
    [server2] => OK
)


Actual result:
--------------
// invoke server2.com/test.php
server1: $_SESSION = Array
(
    [server1] => OK
)
server2: $_SESSION = Array
(
    [server2] => OK
)

// Ths initial bootstrap variable is missing from $_SESSION on server1


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=30026&edit=1

Reply via email to