subject:"#25934 \[Opn\-Bgs\]\: SessionID in URL sometimes ignored"

#25934 [Opn-Bgs]: SessionID in URL sometimes ignored

2003-11-03 Thread sniper

 ID:   25934
 Updated by:   [EMAIL PROTECTED]
 Reported By:  php at webfreezer dot com
-Status:   Open
+Status:   Bogus
 Bug Type: Session related
 Operating System: SuSe Linux 8.1
 PHP Version:  4.3.3
 New Comment:

As you don't give an example script we have to assume that you're just
doing something wrong. This works just fine for me.



Previous Comments:


[2003-11-03 06:41:08] php at webfreezer dot com

Additional note:
DOMAINNAME in session.save_path is just the concealed domain name.



[2003-11-03 06:39:24] php at webfreezer dot com

This is an excerpt of ini_get_all vardump´ed:

 [session.auto_start] array(3) = {
[global_value] string(1) = 0
[local_value] string(1) = 0
[access] int(7) = 
  }
  [session.bug_compat_42] array(3) = {
[global_value] string(1) = 1
[local_value] string(1) = 1
[access] int(7) = 
  }
  [session.bug_compat_warn] array(3) = {
[global_value] string(1) = 1
[local_value] string(1) = 1
[access] int(7) = 
  }
  [session.cache_expire] array(3) = {
[global_value] string(2) = 60
[local_value] string(3) = 180
[access] int(7) = 
  }
  [session.cache_limiter] array(3) = {
[global_value] string(7) = nocache
[local_value] string(7) = nocache
[access] int(7) = 
  }
  [session.cookie_domain] array(3) = {
[global_value] string(0) = 
[local_value] string(0) = 
[access] int(7) = 
  }
  [session.cookie_lifetime] array(3) = {
[global_value] string(1) = 0
[local_value] string(1) = 0
[access] int(7) = 
  }
  [session.cookie_path] array(3) = {
[global_value] string(1) = /
[local_value] string(1) = /
[access] int(7) = 
  }
  [session.cookie_secure] array(3) = {
[global_value] string(0) = 
[local_value] string(0) = 
[access] int(7) = 
  }
  [session.entropy_file] array(3) = {
[global_value] string(0) = 
[local_value] string(0) = 
[access] int(7) = 
  }
  [session.entropy_length] array(3) = {
[global_value] string(1) = 0
[local_value] string(1) = 0
[access] int(7) = 
  }
  [session.gc_divisor] array(3) = {
[global_value] string(3) = 100
[local_value] string(3) = 100
[access] int(7) = 
  }
  [session.gc_maxlifetime] array(3) = {
[global_value] string(4) = 1440
[local_value] string(4) = 1440
[access] int(7) = 
  }
  [session.gc_probability] array(3) = {
[global_value] string(1) = 1
[local_value] string(1) = 1
[access] int(7) = 
  }
  [session.name] array(3) = {
[global_value] string(9) = PHPSESSID
[local_value] string(9) = sessionID
[access] int(7) = 
  }
  [session.referer_check] array(3) = {
[global_value] string(0) = 
[local_value] string(1) = 0
[access] int(7) = 
  }
  [session.save_handler] array(3) = {
[global_value] string(5) = files
[local_value] string(5) = files
[access] int(7) = 
  }
  [session.save_path] array(3) = {
[global_value] string(4) = /tmp
[local_value] string(44) = /var/www/DOMAINNAME/temp/sessions
[access] int(7) = 
  }
  [session.serialize_handler] array(3) = {
[global_value] string(3) = php
[local_value] string(3) = php
[access] int(7) = 
  }
  [session.use_cookies] array(3) = {
[global_value] string(1) = 1
[local_value] string(1) = 0
[access] int(7) = 
  }
  [session.use_only_cookies] array(3) = {
[global_value] string(1) = 0
[local_value] string(1) = 0
[access] int(7) = 
  }
  [session.use_trans_sid] array(3) = {
[global_value] string(1) = 0
[local_value] string(1) = 0
[access] int(6) = 
  }



[2003-10-29 19:58:00] [EMAIL PROTECTED]

Could you please show all your session related INI values after any
ini_set() or session_set_cookie_params() that your script normally
makes.



[2003-10-22 06:01:14] php at webfreezer dot com

Sorry, ini_set(session.name, sessionID) is called before, NOT
ini_set(session-name...



[2003-10-22 05:59:38] php at webfreezer dot com

I don´t access the sessionID in the scripts directly via any $_GET or
$_POST. I only use PHP´s session_id() and session_name() functions
throughout the scripts.

After testing the current PHP snap there has been no change in the
behavior so I changed the version back to 4.3.3.

However I tried something different.
I appended PHPSESSID={SESSIONID} to the URL so that it now looks like
file.php?sessionID={SESSIONID}PHPSESSID={SESSIONID} when such a
session loss occured and it works!
As I stated before the session file exists and contains the correct
data so the session is kind of restored that way.

ini_get(session.name) however correctly returns sessionID on

#25934 [Opn-Bgs]: SessionID in URL sometimes ignored

2003-10-21 Thread iliaa

 ID:   25934
 Updated by:   [EMAIL PROTECTED]
 Reported By:  php at webfreezer dot com
-Status:   Open
+Status:   Bogus
 Bug Type: Session related
 Operating System: SuSe Linux 8.1
 PHP Version:  4.3.3
 New Comment:

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

If the session has expired or the session id is invalid of cource will
ignore that session.


Previous Comments:


[2003-10-21 08:37:47] php at webfreezer dot com

Description:

PHP sometimes does not want to use the sessionID given via GET! This
happens only on some occasions however it is reproducible on such a
certain page. I regret that I cannot post a short code snippet because
it simply does not happen when testing with a short code snippet.

What happens is the following:
- the SID is used as a GET parameter (this works on every other page!)
- $sidname=session_name(); echo $_GET[$sidname] outputs the correct SID
visible in the URL (e.g.
/search.php?page=2qid=1sessionID=1291bfd78301f151803ca632cd41f626)
- however echo session_id() outputs a totally different SID!
- both (old and new) SID files exist and are readable

session.auto_start=0
session.use_cookies=0
session.use_only_cookies=0
session.referer_check=0

I even implemented my own session handler and it appears that PHP does
not even call the OPEN function for the old SID that it no longer
wants to use.

I also tried to use the generic PHPSESSID name instead of the custom
sessionID by not setting the custom name, but the problem still
exists.

This is my configure line:

'./configure' '--with-apache=../apache_1.3.28'
'--with-mhash=/usr/local/lib' '--with-zlib-dir=/usr/local/lib'
'--with-zip=/usr/local/lib' '--enable-memory-limit'
'--enable-versioning' '--with-gd' '--enable-exif'
'--with-config-file-path=/etc' '--enable-magic-quotes'
'--enable-thread-safety' '--with-gettext' '--with-xml' '--with-mcrypt'
'--enable-calendar' '--enable-bcmath' '--with-curl'
'--with-curlwrappers' '--enable-ftp' '--enable-wddx'
'--with-jpeg-dir=/usr/lib' 






-- 
Edit this bug report at http://bugs.php.net/?id=25934edit=1

#25934 [Opn-Bgs]: SessionID in URL sometimes ignored

#25934 [Opn-Bgs]: SessionID in URL sometimes ignored

2 matches

Site Navigation

Mail list logo

Footer information