Bug #31455 [Com]: multiple session_start() creates multiple session cookies in HTTP-Response
Edit report at https://bugs.php.net/bug.php?id=31455edit=1
ID: 31455
Comment by: danielc at analysisandsolutions dot com
Reported by:rene dot bangemann at web dot de
Summary:multiple session_start() creates multiple session
cookies in HTTP-Response
Status: Wont fix
Type: Bug
Package:Session related
Operating System: Win32
PHP Version:4CVS, 5CVS
Assigned To:tony2001
Block user comment: N
Private report: N
New Comment:
See also: https://bugs.php.net/bug.php?id=31455
Previous Comments:
[2010-10-15 23:26:30] WarrenGaebel at FriendlyNeighbourGuide dot ca
I am experiencing a similar, but not identical problem.
I reload my page multiple times, using session_start() every time it loads.
JavaScript sets cookies that I use in php. When using Internet Explorer,
$_ENV[HTTP_COOKIE] contains multiple entries for each cookie. This does not
happen with Firefox.
As near as I can figure so far, when executing code at a domain named x.y.z,
Internet Explorer sends the cookies for x.y.z followed by the cookies for y.z.
Php then puts both sets of cookies into $_ENV[HTTP_COOKIE].
Perhaps this may be considered a PHP bug, perhaps not. IMHO, this is an
Internet Explorer bug. I post it here in the hope that it may help you resolve
your problem.
... Warren Gaebel, B.A., B.C.S.
[2005-02-14 00:18:30] rene dot bangemann at web dot de
Ok, you are right that someone could start several sessions within one request.
But thats not my use case:
I'm using a PHP script to perform some actions which can take up to some hours.
E.G. for displaying progress information about the running process a second php
script needs to access the session vars. This forces to close the session file
via session_write_close() in the first script. After this function call, the
second PHP script can do a session_start() and access the current values of the
session vars.
After finishing the second request the session file will be closed again.
If the first script has to store new values of session related vars in the
session file, it uses a combination of session_start() and
session_write_close() to update the content within the session file.
Unfortunatly in my case this can happen very often (because of the long
execution time).
Under normal circumstances I could live with this feature :-). But I'm afraid
that in combination with HTML frames this behaviour of PHP can force deadlocks
in different browsers like Internet Explorer or Mozilla. Unfortunately I can't
present a 100% working example for reproducable deadlocks.
I would suggest to create a flag containing true or false, if the Cookie for
the current session id already was sent or not.
If the cookie wasn't already sent, or the used session id changes, of course
another Cookie has to be sent.
[2005-02-13 18:03:51] tony2...@php.net
Okay, no more dirty hacks =)
Marking it as won't fix and considering as a feature.
[2005-02-13 09:44:30] sni...@php.net
Then how would you handle this (very unlikely :) code:
?php
session_name('foo1');
session_id('foobar1');
session_start();
session_write_close();
session_name('foo2');
session_id('foobar2');
session_start();
session_write_close();
session_name('foo3');
session_id('foobar3');
session_start();
session_write_close();
?
Yes, someone MIGHT rely on that kind of code too.
And as it IS possible to start as many _different_ sessions in single
request, why should we not allow it?
(this is actually for Tony, FYI when he figures out how to fix this bug :)
[2005-01-09 15:49:13] rene dot bangemann at web dot de
Description:
I'm using a combination of session_start() and session_write_close() to access
and update session variables.
In some scripts this function calls will be executed up to 50 times.
For each call of session_start() a HTTP-Header with the PHP session id will be
created in the same HTTP response.
I would expect, that in the HTTP response will be only one HTTP-Header with the
session id.
Reproduce code:
---
?php
session_start();
session_write_close();
session_start();
session_write_close();
session_start();
session_write_close();
?
Expected result:
HTTP-Header Set-Cookie with PHP session id created only once in HTTP response
Actual result:
--
The code above will create a HTTP response with three identical HTTP Set-Cookie
headers
--
Edit this bug report at
Bug #31455 [Com]: multiple session_start() creates multiple session cookies in HTTP-Response
Edit report at https://bugs.php.net/bug.php?id=31455edit=1
ID: 31455
Comment by: danielc at analysisandsolutions dot com
Reported by:rene dot bangemann at web dot de
Summary:multiple session_start() creates multiple session
cookies in HTTP-Response
Status: Wont fix
Type: Bug
Package:Session related
Operating System: Win32
PHP Version:4CVS, 5CVS
Assigned To:tony2001
Block user comment: N
Private report: N
New Comment:
I mean to say, see also: https://bugs.php.net/bug.php?id=38104
Previous Comments:
[2011-11-20 05:21:02] danielc at analysisandsolutions dot com
See also: https://bugs.php.net/bug.php?id=31455
[2010-10-15 23:26:30] WarrenGaebel at FriendlyNeighbourGuide dot ca
I am experiencing a similar, but not identical problem.
I reload my page multiple times, using session_start() every time it loads.
JavaScript sets cookies that I use in php. When using Internet Explorer,
$_ENV[HTTP_COOKIE] contains multiple entries for each cookie. This does not
happen with Firefox.
As near as I can figure so far, when executing code at a domain named x.y.z,
Internet Explorer sends the cookies for x.y.z followed by the cookies for y.z.
Php then puts both sets of cookies into $_ENV[HTTP_COOKIE].
Perhaps this may be considered a PHP bug, perhaps not. IMHO, this is an
Internet Explorer bug. I post it here in the hope that it may help you resolve
your problem.
... Warren Gaebel, B.A., B.C.S.
[2005-02-14 00:18:30] rene dot bangemann at web dot de
Ok, you are right that someone could start several sessions within one request.
But thats not my use case:
I'm using a PHP script to perform some actions which can take up to some hours.
E.G. for displaying progress information about the running process a second php
script needs to access the session vars. This forces to close the session file
via session_write_close() in the first script. After this function call, the
second PHP script can do a session_start() and access the current values of the
session vars.
After finishing the second request the session file will be closed again.
If the first script has to store new values of session related vars in the
session file, it uses a combination of session_start() and
session_write_close() to update the content within the session file.
Unfortunatly in my case this can happen very often (because of the long
execution time).
Under normal circumstances I could live with this feature :-). But I'm afraid
that in combination with HTML frames this behaviour of PHP can force deadlocks
in different browsers like Internet Explorer or Mozilla. Unfortunately I can't
present a 100% working example for reproducable deadlocks.
I would suggest to create a flag containing true or false, if the Cookie for
the current session id already was sent or not.
If the cookie wasn't already sent, or the used session id changes, of course
another Cookie has to be sent.
[2005-02-13 18:03:51] tony2...@php.net
Okay, no more dirty hacks =)
Marking it as won't fix and considering as a feature.
[2005-02-13 09:44:30] sni...@php.net
Then how would you handle this (very unlikely :) code:
?php
session_name('foo1');
session_id('foobar1');
session_start();
session_write_close();
session_name('foo2');
session_id('foobar2');
session_start();
session_write_close();
session_name('foo3');
session_id('foobar3');
session_start();
session_write_close();
?
Yes, someone MIGHT rely on that kind of code too.
And as it IS possible to start as many _different_ sessions in single
request, why should we not allow it?
(this is actually for Tony, FYI when he figures out how to fix this bug :)
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
https://bugs.php.net/bug.php?id=31455
--
Edit this bug report at https://bugs.php.net/bug.php?id=31455edit=1
Bug #31455 [Com]: multiple session_start() creates multiple session cookies in HTTP-Response
Edit report at http://bugs.php.net/bug.php?id=31455edit=1
ID: 31455
Comment by: WarrenGaebel at FriendlyNeighbourGuide dot ca
Reported by:rene dot bangemann at web dot de
Summary:multiple session_start() creates multiple session
cookies in HTTP-Response
Status: Wont fix
Type: Bug
Package:Session related
Operating System: Win32
PHP Version:4CVS, 5CVS
Assigned To:tony2001
Block user comment: N
New Comment:
I am experiencing a similar, but not identical problem.
I reload my page multiple times, using session_start() every time it
loads. JavaScript sets cookies that I use in php. When using Internet
Explorer, $_ENV[HTTP_COOKIE] contains multiple entries for each
cookie. This does not happen with Firefox.
As near as I can figure so far, when executing code at a domain named
x.y.z, Internet Explorer sends the cookies for x.y.z followed by the
cookies for y.z. Php then puts both sets of cookies into
$_ENV[HTTP_COOKIE].
Perhaps this may be considered a PHP bug, perhaps not. IMHO, this is an
Internet Explorer bug. I post it here in the hope that it may help you
resolve your problem.
... Warren Gaebel, B.A., B.C.S.
Previous Comments:
[2005-02-14 00:18:30] rene dot bangemann at web dot de
Ok, you are right that someone could start several sessions within one
request. But thats not my use case:
I'm using a PHP script to perform some actions which can take up to some
hours.
E.G. for displaying progress information about the running process a
second php script needs to access the session vars. This forces to close
the session file via session_write_close() in the first script. After
this function call, the second PHP script can do a session_start() and
access the current values of the session vars.
After finishing the second request the session file will be closed
again.
If the first script has to store new values of session related vars in
the session file, it uses a combination of session_start() and
session_write_close() to update the content within the session file.
Unfortunatly in my case this can happen very often (because of the long
execution time).
Under normal circumstances I could live with this feature :-). But I'm
afraid that in combination with HTML frames this behaviour of PHP can
force deadlocks in different browsers like Internet Explorer or Mozilla.
Unfortunately I can't present a 100% working example for reproducable
deadlocks.
I would suggest to create a flag containing true or false, if the Cookie
for the current session id already was sent or not.
If the cookie wasn't already sent, or the used session id changes, of
course another Cookie has to be sent.
[2005-02-13 18:03:51] tony2...@php.net
Okay, no more dirty hacks =)
Marking it as won't fix and considering as a feature.
[2005-02-13 09:44:30] sni...@php.net
Then how would you handle this (very unlikely :) code:
?php
session_name('foo1');
session_id('foobar1');
session_start();
session_write_close();
session_name('foo2');
session_id('foobar2');
session_start();
session_write_close();
session_name('foo3');
session_id('foobar3');
session_start();
session_write_close();
?
Yes, someone MIGHT rely on that kind of code too.
And as it IS possible to start as many _different_ sessions in single
request, why should we not allow it?
(this is actually for Tony, FYI when he figures out how to fix this bug
:)
[2005-01-09 15:49:13] rene dot bangemann at web dot de
Description:
I'm using a combination of session_start() and session_write_close() to
access and update session variables.
In some scripts this function calls will be executed up to 50 times.
For each call of session_start() a HTTP-Header with the PHP session id
will be created in the same HTTP response.
I would expect, that in the HTTP response will be only one HTTP-Header
with the session id.
Reproduce code:
---
?php
session_start();
session_write_close();
session_start();
session_write_close();
session_start();
session_write_close();
?
Expected result:
HTTP-Header Set-Cookie with PHP session id created only once in HTTP
response
Actual result:
--
The code above will create a HTTP response with three identical HTTP
Set-Cookie headers
--
Edit this bug report at http://bugs.php.net/bug.php?id=31455edit=1
