ID: 40973 User updated by: krassesache at gmx dot net Reported By: krassesache at gmx dot net Status: Bogus Bug Type: Session related Operating System: WinXP SP2 PHP Version: 5.2.1 New Comment:
; Check HTTP Referer to invalidate externally stored URLs containing ids. ; HTTP_REFERER has to contain this substring for the session to be ; considered as valid. session.referer_check --> string damn it >.< selfowned Previous Comments: ------------------------------------------------------------------------ [2007-04-05 10:12:39] krassesache at gmx dot net i see... it's not a bug, it a feature :D ------------------------------------------------------------------------ [2007-04-05 00:56:16] [EMAIL PROTECTED] Thank you for taking the time to write to us, but this is not a bug. Please double-check the documentation available at http://www.php.net/manual/ and the instructions on how to report a bug at http://bugs.php.net/how-to-report.php session.referer_check is used to see if a substring is present in the referrer, its not a boolean flag. ------------------------------------------------------------------------ [2007-04-05 00:39:01] krassesache at gmx dot net okay, no firewall / windows firewall is off phpinfo() of my localhost: http://blakkcooper.de/phpinfo.php.html you see session.referer_check is set to "no value". no matter if i set it to "0" or "1", the sessions don't work. it works only with "no value". i tested the example again and this happened: opened http://localhost --> no session established (normal) opened http://localhost/foobar.php --> new session established opened http://localhost/foobar2.php --> a NEW SESSION was established (news SESSID) i tested this with firefox 2.0.0.2, opera 9.02 and session.referer_check = 0 it's nuts! my example works sometimes, sometimes not?! it seems that it's random... on my website it works NEVER. it's like god will fuck me up -.- ------------------------------------------------------------------------ [2007-04-04 18:46:53] [EMAIL PROTECTED] Please provide some more information on your environment: the webserver used, server API (cgi or module). Do you have any firewalls that might affect it? Are you sure the code provided is enough to reproduce it? ------------------------------------------------------------------------ [2007-04-04 18:31:36] krassesache at gmx dot net okay, dont know why but in my case it's the reason. maybe a very specific problem. never mind... ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/40973 -- Edit this bug report at http://bugs.php.net/?id=40973&edit=1