ID:               31369
 Comment by:       destes at ix dot netcom dot com
 Reported By:      baafie at planet dot nl
 Status:           Open
 Bug Type:         Session related
 Operating System: Linux Red hat 9 -2.4.20
 PHP Version:      4.3.10
 New Comment:

This is a potential security issue, since I read the manual as
describing the behavior this bug expects (whereas the experienced
behavior is very different).  The ability to keep session data private
(especially SIDs) is very important and I don't think the developers
intended trans-sid to extend beyond the use of sessions in a script
(i.e., beyond where the session has been destroyed).

On a side note, you can avoid having trans-sid append your links by
using absolute (rather than relative) URLs.

I recommend that the original submitter change this back from Bogus;
absolutely zero explanation was given as to why this isn't a bug, and I
(personally) happen to disagree.

-Steve
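A defensive session-teardown sequence illustrating the point above, as an added example (it is not code from the bug report or from PHP itself). It assumes session.use_trans_sid and session.use_cookies are enabled in php.ini; the BASE_URL value and the abs_url() helper are placeholders chosen for the example.

```php
<?php
// Added example (not from the bug report): after tearing a session down,
// make sure the trans-sid URL rewriter cannot keep appending the old SID.
// Assumes session.use_trans_sid=1 and session.use_cookies=1 in php.ini.

// trans-sid only rewrites relative URLs, so absolute links never receive
// a SID (the workaround mentioned in the comment above).
define('BASE_URL', 'https://example.com');   // placeholder host

function abs_url($path) {                    // hypothetical helper
    return BASE_URL . '/' . ltrim($path, '/');
}

session_start();
$_SESSION['user'] = 'alice';                 // constructed sample data
// ... normal session use ...

// Tear the session down: clear the data, expire the cookie, destroy storage.
$_SESSION = array();
if (ini_get('session.use_cookies')) {
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
              $p['path'], $p['domain'], $p['secure']);
}
session_destroy();

// session_destroy() does not unregister the URL rewriter (the behaviour
// this report is about), so drop its rewrite vars explicitly. Available
// since PHP 4.3.0.
output_reset_rewrite_vars();

// Output emitted after this point: prefer absolute URLs regardless.
echo '<a href="', htmlspecialchars(abs_url('login.php')), '">Log in again</a>';
// A relative link like this one is what the rewriter would have appended
// the SID to before the reset above.
echo '<a href="index.php">Home</a>';
```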


Previous Comments:
------------------------------------------------------------------------

[2005-01-16 19:00:39] baafie at planet dot nl

I reopened this bug to allow another person to comment. Please leave
the status as it is, until he has done so.


Re: your comment - why are session_destroy() and/or
session_write_close() not supposed to unregister the handler? Is there
another function that has this functionality?

------------------------------------------------------------------------

[2005-01-16 18:54:16] [EMAIL PROTECTED]

Because it's not supposed to unregister the handler.

------------------------------------------------------------------------

[2005-01-16 18:38:03] baafie at planet dot nl

Reopened by request. Comment pending.

------------------------------------------------------------------------

[2005-01-02 15:46:14] baafie at planet dot nl

Would you mind explaining why this is not a bug?

------------------------------------------------------------------------

[2005-01-02 07:17:36] [EMAIL PROTECTED]

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php



------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/31369
