#37095 [Opn->Csd]: cookie returns random value
ID: 37095
User updated by: giaym at hotmail dot com
Reported By: giaym at hotmail dot com
-Status: Open
+Status: Closed
Bug Type: Session related
Operating System: Windows 2000
PHP Version: 5.1.2
New Comment:
Closing.
Previous Comments:
[2006-04-16 22:28:57] giaym at hotmail dot com
Both IE6 and Firefox? Although what you say makes sense phpinfo shows
php doing the right thing. This would be a php bug only if phpinfo()
was returning the wrong data, which is unlikely.
[2006-04-16 07:59:25] [EMAIL PROTECTED]
So, your browser sends wrong data to PHP script, am I correct? Why do
you report it to PHP bug system then?
[2006-04-16 02:18:33] giaym at hotmail dot com
Oh, same behavior for IE6. The server is located on the same machine as
the browser.
[2006-04-16 02:14:59] giaym at hotmail dot com
Description:
Randomly, the cookies send back random values to the server, values
different than those set the previous page load.
I use session auto start on php.ini. PHP runs on Apache 2.
Reproduce code:
---
a, b, locka and lockb are cookies set with setcookie(, ,
0, "/");
if($somevar == "lock") {
echo "lock";
Set cookies locka and lockb with the values of cookies a and b
respectively.
} else if($somevar == "random") {
echo "random";
Delete locka and lockb, and give a random value to a.
} else {
echo "none";
if(locka not set) Set random value to a.
}
if (b not set) Set random value to b.
Enter pages in that order:
www.domain.com/page/
www.domain.com/page/lock/
www.domain.com/page/random/
www.domain.com/page/lock/
(The if logic works, this is not a case of $somevar holding an
incorrect value.)
Expected result:
www.domain.com/page/
received cookies: none
output: none
sent cookies: a with value x; b with value y
www.domain.com/page/lock/
received cookies: a with value x
output: lock
sent cookies: lock a = x; lock b = y
www.domain.com/page/random/
received cookies: a with value x; b with value y; locka with value x;
lockb with value y
output: random
sent cookies: delete lock a; delete lock b; a = z
www.domain.com/page/lock/
received cookies: a with value z; b with value y
output: lock
sent cookies: lock a = z; lock b = y
Actual result:
--
Everything as expected except the last page load: The cookie received
isn't a = z, it is a = q, I mean, another value. The server then sends
"lock a = q" following the logic.
PHPSESSID is received and reset on every page load.
1.
HTTP Request Headers
HTTP RequestGET /page/ HTTP/1.1
User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.0.2)
Gecko/20060308 Firefox/1.5.0.2
HTTP Response Headers
Set-Cookie PHPSESSID=3fo392aek7m274550d9oppqdo6; path=/
Expires Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control no-store, no-cache, must-revalidate, post-check=0,
pre-check=0
Pragma no-cache
Set-Cookie a=3; path=/
Set-Cookie b=91-5-177-39-4-61-87-25-1-42-0-50-64-5-164-52; path=/
2. (The request is as expected)
HTTP Request Headers
HTTP RequestGET /page/lock/ HTTP/1.1
a=3;
b=91-5-177-39-4-61-87-25-1-42-0-50-64-5-164-52
(We lock the values of a and b)
HTTP Response Headers
Set-Cookie locka=3; path=/
Set-Cookie lockb=91-5-177-39-4-61-87-25-1-42-0-50-64-5-164-52; path=/
3.(The request is as expected)
HTTP Request Headers
HTTP RequestGET /page/random/ HTTP/1.1
Cookie
a=3;
b=91-5-177-39-4-61-87-25-1-42-0-50-64-5-164-52;
locka=3;
lockb=91-5-177-39-4-61-87-25-1-42-0-50-64-5-164-52
(We delete the locked values and set a random value for a, this case
2)
HTTP Response Headers
Set-Cookie locka=deleted; expires=Sat, 16-Apr-2005 01:33:24 GMT;
path=/
Set-Cookie lockb=deleted; expires=Sat, 16-Apr-2005 01:33:24 GMT;
path=/
Set-Cookie a=2; path=/
4. (The request is not as expected, that value for 'a' had not even
been used in the whole run -we are getting 1)
HTTP Request Headers
HTTP RequestGET /page/lock/ HTTP/1.1
a=1;
b=91-5-177-39-4-61-87-25-1-42-0-50-64-5-164-52
(We lock the received values, this case 1)
HTTP Response Headers
Set-Cookie locka=1; path=/
Set-Cookie lockb=91-5-177-39-4-61-87-25-1-42-0-50-64-5-164-52; path=/
--
Edit this bug report at http://bugs.php.net/?id=37095&edit=1
#37095 [Fbk->Opn]: cookie returns random value
ID: 37095
User updated by: giaym at hotmail dot com
Reported By: giaym at hotmail dot com
-Status: Feedback
+Status: Open
Bug Type: Session related
Operating System: Windows 2000
PHP Version: 5.1.2
New Comment:
Both IE6 and Firefox? Although what you say makes sense phpinfo shows
php doing the right thing. This would be a php bug only if phpinfo()
was returning the wrong data, which is unlikely.
Previous Comments:
[2006-04-16 07:59:25] [EMAIL PROTECTED]
So, your browser sends wrong data to PHP script, am I correct? Why do
you report it to PHP bug system then?
[2006-04-16 02:18:33] giaym at hotmail dot com
Oh, same behavior for IE6. The server is located on the same machine as
the browser.
[2006-04-16 02:14:59] giaym at hotmail dot com
Description:
Randomly, the cookies send back random values to the server, values
different than those set the previous page load.
I use session auto start on php.ini. PHP runs on Apache 2.
Reproduce code:
---
a, b, locka and lockb are cookies set with setcookie(, ,
0, "/");
if($somevar == "lock") {
echo "lock";
Set cookies locka and lockb with the values of cookies a and b
respectively.
} else if($somevar == "random") {
echo "random";
Delete locka and lockb, and give a random value to a.
} else {
echo "none";
if(locka not set) Set random value to a.
}
if (b not set) Set random value to b.
Enter pages in that order:
www.domain.com/page/
www.domain.com/page/lock/
www.domain.com/page/random/
www.domain.com/page/lock/
(The if logic works, this is not a case of $somevar holding an
incorrect value.)
Expected result:
www.domain.com/page/
received cookies: none
output: none
sent cookies: a with value x; b with value y
www.domain.com/page/lock/
received cookies: a with value x
output: lock
sent cookies: lock a = x; lock b = y
www.domain.com/page/random/
received cookies: a with value x; b with value y; locka with value x;
lockb with value y
output: random
sent cookies: delete lock a; delete lock b; a = z
www.domain.com/page/lock/
received cookies: a with value z; b with value y
output: lock
sent cookies: lock a = z; lock b = y
Actual result:
--
Everything as expected except the last page load: The cookie received
isn't a = z, it is a = q, I mean, another value. The server then sends
"lock a = q" following the logic.
PHPSESSID is received and reset on every page load.
1.
HTTP Request Headers
HTTP RequestGET /page/ HTTP/1.1
User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.0.2)
Gecko/20060308 Firefox/1.5.0.2
HTTP Response Headers
Set-Cookie PHPSESSID=3fo392aek7m274550d9oppqdo6; path=/
Expires Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control no-store, no-cache, must-revalidate, post-check=0,
pre-check=0
Pragma no-cache
Set-Cookie a=3; path=/
Set-Cookie b=91-5-177-39-4-61-87-25-1-42-0-50-64-5-164-52; path=/
2. (The request is as expected)
HTTP Request Headers
HTTP RequestGET /page/lock/ HTTP/1.1
a=3;
b=91-5-177-39-4-61-87-25-1-42-0-50-64-5-164-52
(We lock the values of a and b)
HTTP Response Headers
Set-Cookie locka=3; path=/
Set-Cookie lockb=91-5-177-39-4-61-87-25-1-42-0-50-64-5-164-52; path=/
3.(The request is as expected)
HTTP Request Headers
HTTP RequestGET /page/random/ HTTP/1.1
Cookie
a=3;
b=91-5-177-39-4-61-87-25-1-42-0-50-64-5-164-52;
locka=3;
lockb=91-5-177-39-4-61-87-25-1-42-0-50-64-5-164-52
(We delete the locked values and set a random value for a, this case
2)
HTTP Response Headers
Set-Cookie locka=deleted; expires=Sat, 16-Apr-2005 01:33:24 GMT;
path=/
Set-Cookie lockb=deleted; expires=Sat, 16-Apr-2005 01:33:24 GMT;
path=/
Set-Cookie a=2; path=/
4. (The request is not as expected, that value for 'a' had not even
been used in the whole run -we are getting 1)
HTTP Request Headers
HTTP RequestGET /page/lock/ HTTP/1.1
a=1;
b=91-5-177-39-4-61-87-25-1-42-0-50-64-5-164-52
(We lock the received values, this case 1)
HTTP Response Headers
Set-Cookie locka=1; path=/
Set-Cookie lockb=91-5-177-39-4-61-87-25-1-42-0-50-64-5-164-52; path=/
--
Edit this bug report at http://bugs.php.net/?id=37095&edit=1
#37095 [Opn]: cookie returns random value
ID: 37095
User updated by: giaym at hotmail dot com
Reported By: giaym at hotmail dot com
Status: Open
Bug Type: Session related
Operating System: Windows 2000
PHP Version: 5.1.2
New Comment:
Oh, same behavior for IE6. The server is located on the same machine as
the browser.
Previous Comments:
[2006-04-16 02:14:59] giaym at hotmail dot com
Description:
Randomly, the cookies send back random values to the server, values
different than those set the previous page load.
I use session auto start on php.ini. PHP runs on Apache 2.
Reproduce code:
---
a, b, locka and lockb are cookies set with setcookie(, ,
0, "/");
if($somevar == "lock") {
echo "lock";
Set cookies locka and lockb with the values of cookies a and b
respectively.
} else if($somevar == "random") {
echo "random";
Delete locka and lockb, and give a random value to a.
} else {
echo "none";
if(locka not set) Set random value to a.
}
if (b not set) Set random value to b.
Enter pages in that order:
www.domain.com/page/
www.domain.com/page/lock/
www.domain.com/page/random/
www.domain.com/page/lock/
(The if logic works, this is not a case of $somevar holding an
incorrect value.)
Expected result:
www.domain.com/page/
received cookies: none
output: none
sent cookies: a with value x; b with value y
www.domain.com/page/lock/
received cookies: a with value x
output: lock
sent cookies: lock a = x; lock b = y
www.domain.com/page/random/
received cookies: a with value x; b with value y; locka with value x;
lockb with value y
output: random
sent cookies: delete lock a; delete lock b; a = z
www.domain.com/page/lock/
received cookies: a with value z; b with value y
output: lock
sent cookies: lock a = z; lock b = y
Actual result:
--
Everything as expected except the last page load: The cookie received
isn't a = z, it is a = q, I mean, another value. The server then sends
"lock a = q" following the logic.
PHPSESSID is received and reset on every page load.
1.
HTTP Request Headers
HTTP RequestGET /page/ HTTP/1.1
User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.0.2)
Gecko/20060308 Firefox/1.5.0.2
HTTP Response Headers
Set-Cookie PHPSESSID=3fo392aek7m274550d9oppqdo6; path=/
Expires Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control no-store, no-cache, must-revalidate, post-check=0,
pre-check=0
Pragma no-cache
Set-Cookie a=3; path=/
Set-Cookie b=91-5-177-39-4-61-87-25-1-42-0-50-64-5-164-52; path=/
2. (The request is as expected)
HTTP Request Headers
HTTP RequestGET /page/lock/ HTTP/1.1
a=3;
b=91-5-177-39-4-61-87-25-1-42-0-50-64-5-164-52
(We lock the values of a and b)
HTTP Response Headers
Set-Cookie locka=3; path=/
Set-Cookie lockb=91-5-177-39-4-61-87-25-1-42-0-50-64-5-164-52; path=/
3.(The request is as expected)
HTTP Request Headers
HTTP RequestGET /page/random/ HTTP/1.1
Cookie
a=3;
b=91-5-177-39-4-61-87-25-1-42-0-50-64-5-164-52;
locka=3;
lockb=91-5-177-39-4-61-87-25-1-42-0-50-64-5-164-52
(We delete the locked values and set a random value for a, this case
2)
HTTP Response Headers
Set-Cookie locka=deleted; expires=Sat, 16-Apr-2005 01:33:24 GMT;
path=/
Set-Cookie lockb=deleted; expires=Sat, 16-Apr-2005 01:33:24 GMT;
path=/
Set-Cookie a=2; path=/
4. (The request is not as expected, that value for 'a' had not even
been used in the whole run -we are getting 1)
HTTP Request Headers
HTTP RequestGET /page/lock/ HTTP/1.1
a=1;
b=91-5-177-39-4-61-87-25-1-42-0-50-64-5-164-52
(We lock the received values, this case 1)
HTTP Response Headers
Set-Cookie locka=1; path=/
Set-Cookie lockb=91-5-177-39-4-61-87-25-1-42-0-50-64-5-164-52; path=/
--
Edit this bug report at http://bugs.php.net/?id=37095&edit=1
#37095 [NEW]: cookie returns random value
From: giaym at hotmail dot com
Operating system: Windows 2000
PHP version: 5.1.2
PHP Bug Type: Session related
Bug description: cookie returns random value
Description:
Randomly, the cookies send back random values to the server, values
different than those set the previous page load.
I use session auto start on php.ini. PHP runs on Apache 2.
Reproduce code:
---
a, b, locka and lockb are cookies set with setcookie(, , 0,
"/");
if($somevar == "lock") {
echo "lock";
Set cookies locka and lockb with the values of cookies a and b
respectively.
} else if($somevar == "random") {
echo "random";
Delete locka and lockb, and give a random value to a.
} else {
echo "none";
if(locka not set) Set random value to a.
}
if (b not set) Set random value to b.
Enter pages in that order:
www.domain.com/page/
www.domain.com/page/lock/
www.domain.com/page/random/
www.domain.com/page/lock/
(The if logic works, this is not a case of $somevar holding an incorrect
value.)
Expected result:
www.domain.com/page/
received cookies: none
output: none
sent cookies: a with value x; b with value y
www.domain.com/page/lock/
received cookies: a with value x
output: lock
sent cookies: lock a = x; lock b = y
www.domain.com/page/random/
received cookies: a with value x; b with value y; locka with value x;
lockb with value y
output: random
sent cookies: delete lock a; delete lock b; a = z
www.domain.com/page/lock/
received cookies: a with value z; b with value y
output: lock
sent cookies: lock a = z; lock b = y
Actual result:
--
Everything as expected except the last page load: The cookie received
isn't a = z, it is a = q, I mean, another value. The server then sends
"lock a = q" following the logic.
PHPSESSID is received and reset on every page load.
1.
HTTP Request Headers
HTTP RequestGET /page/ HTTP/1.1
User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.0.2)
Gecko/20060308 Firefox/1.5.0.2
HTTP Response Headers
Set-Cookie PHPSESSID=3fo392aek7m274550d9oppqdo6; path=/
Expires Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control no-store, no-cache, must-revalidate, post-check=0,
pre-check=0
Pragma no-cache
Set-Cookie a=3; path=/
Set-Cookie b=91-5-177-39-4-61-87-25-1-42-0-50-64-5-164-52; path=/
2. (The request is as expected)
HTTP Request Headers
HTTP RequestGET /page/lock/ HTTP/1.1
a=3;
b=91-5-177-39-4-61-87-25-1-42-0-50-64-5-164-52
(We lock the values of a and b)
HTTP Response Headers
Set-Cookie locka=3; path=/
Set-Cookie lockb=91-5-177-39-4-61-87-25-1-42-0-50-64-5-164-52; path=/
3.(The request is as expected)
HTTP Request Headers
HTTP RequestGET /page/random/ HTTP/1.1
Cookie
a=3;
b=91-5-177-39-4-61-87-25-1-42-0-50-64-5-164-52;
locka=3;
lockb=91-5-177-39-4-61-87-25-1-42-0-50-64-5-164-52
(We delete the locked values and set a random value for a, this case 2)
HTTP Response Headers
Set-Cookie locka=deleted; expires=Sat, 16-Apr-2005 01:33:24 GMT; path=/
Set-Cookie lockb=deleted; expires=Sat, 16-Apr-2005 01:33:24 GMT; path=/
Set-Cookie a=2; path=/
4. (The request is not as expected, that value for 'a' had not even been
used in the whole run -we are getting 1)
HTTP Request Headers
HTTP RequestGET /page/lock/ HTTP/1.1
a=1;
b=91-5-177-39-4-61-87-25-1-42-0-50-64-5-164-52
(We lock the received values, this case 1)
HTTP Response Headers
Set-Cookie locka=1; path=/
Set-Cookie lockb=91-5-177-39-4-61-87-25-1-42-0-50-64-5-164-52; path=/
--
Edit bug report at http://bugs.php.net/?id=37095&edit=1
--
Try a CVS snapshot (PHP 4.4):
http://bugs.php.net/fix.php?id=37095&r=trysnapshot44
Try a CVS snapshot (PHP 5.1):
http://bugs.php.net/fix.php?id=37095&r=trysnapshot51
Try a CVS snapshot (PHP 6.0):
http://bugs.php.net/fix.php?id=37095&r=trysnapshot60
Fixed in CVS: http://bugs.php.net/fix.php?id=37095&r=fixedcvs
Fixed in release:
http://bugs.php.net/fix.php?id=37095&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=37095&r=needtrace
Need Reproduce Script:http://bugs.php.net/fix.php?id=37095&r=needscript
Try newer version:http://bugs.php.net/fix.php?id=37095&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=37095&r=support
Expected behavior:http://bugs.php.net/fix.php?id=37095&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=37095&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=37095&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=37095&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=37095&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=37095&r=dst
IIS Stability:http:/
