ID: 30026
Updated by: [EMAIL PROTECTED]
Reported By: p dot kruijsen at mssm dot nl
-Status: Open
+Status: Bogus
Bug Type: Session related
Operating System: Windows XP / Redhat Linux
PHP Version: Irrelevant
New Comment:
Sorry, but your problem does not imply a bug in PHP itself. For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.
Thank you for your interest in PHP.
This is still not a bug. Please go to our support channels.
Previous Comments:
[2004-09-15 14:17:36] p dot kruijsen at mssm dot nl
Please not that I am not trying to send any session or cookie
information along with my request. I specifically want to use the
session information that is already present at the server to which I
make the request.
Maybe it's better to assume a 'fopen' rather then an 'include'. If I
sign in to server.com and type http://server.com/check by hand in a
browser, I might recieve a 'You are signed in' message based on a
$_SESSION variable that was set. If I fopen(http://server.com/check)
from another server and print the contents I get 'You are not signed
in, please sign in'. The $_SESSION variable that is already present and
set at server.com (this is the key: I'm not sending anything!) is not
used when opening the server.com/check url via fopen() or include(). I
cannot understand the difference between opening a URL by hand or by
opening it and showing its contents via fopen().
Hope this clarifies. Thanks.
[2004-09-08 17:21:09] [EMAIL PROTECTED]
You are assuming a URL include will send cookie information along with
the request. That is not the case. You will have to do that yourself
if that is what you want. See php.net/curl for everything you need to
send a request which includes the session cookie.
[2004-09-08 14:58:38] p dot kruijsen at mssm dot nl
Description:
When include()ing a url through HTTP, $_SESSION variables in the
requested page are lost. Opening the same url by hand does preserve the
$_SESSION variables.
Testcase:
Bootstrap a session variable on server1. (OK)
Test bootstrap by invoking script on server1. (OK)
Invoke script on server2 that includes script on server1. ($_SESSION is
lost)
This behaviour occurs on various operating systems with various up to
date versions of PHP. I suspect this to be some form of security
guarantee built into PHP. However, I see no difference in security
level between include()ing a file in a script and opening it by hand.
Reproduce code:
---
?php
// server1.com/bootstrap.php
session_start();
$_SESSION['bootstrap'] = 'OK';
echo('OK');
?
?php
// server1.com/test.php
session_start();
$_SESSION['server1'] = 'OK';
echo('preserver1: $_SESSION = ');
print_r($_SESSION);
echo('/pre');
?
?php
// server2.com/test.php
session_start();
include('http://server1.com/test.php');
$_SESSION['server2'] = 'OK';
echo('preserver2: $_SESSION = ');
print_r($_SESSION);
echo('/pre');
?
Expected result:
// invoke server1.com/bootstrap.php
OK
// invoke server1.com/test.php
server1: $_SESSION = Array
(
[bootstrap] = OK
[server1] = OK
)
// invoke server2.com/test.php
server1: $_SESSION = Array
(
[bootstrap] = OK
[server1] = OK
)
server2: $_SESSION = Array
(
[server2] = OK
)
Actual result:
--
// invoke server2.com/test.php
server1: $_SESSION = Array
(
[server1] = OK
)
server2: $_SESSION = Array
(
[server2] = OK
)
// Ths initial bootstrap variable is missing from $_SESSION on server1
--
Edit this bug report at http://bugs.php.net/?id=30026edit=1