From: mbarskey at seattletech dot com Operating system: Red Hat Linux release 7.3 PHP version: 4.3.8 PHP Bug Type: Session related Bug description: empty session_id() is created for Safari browser
Description: ------------ PHP 4.3.8 under Linux Red Hat 7.3, Apache 1.3.31 session_id() returns a null or empty string when hit from the Safari browser under Mac OS X. The extremely simple sample code below works as expected from Netscape (7.2 OS X or 7.1 Win2K) and IE (5.2.3 OS X or 6.0.2800.1106 Win2K), but it creates a session without a session_id when hit from Safari for OS X. All Apache and PHP configurations are identical when hit by working browsers and by Safari. The session gets created and seems to work fine, but there is no session_id. I'm concerned that if 2 different Safari users hit the page simultaneously, they would share the session file. I'm somewhat of a PHP novice, and I've never posted a PHP bug before (I figured people who knew what they were doing would find a bug before I did!), so please don't flame me for doing this incorrectly; instead, tell me how I can better help you (or where I an find a solution - I've searched!). I searched for a previous bug with this decription before posting, but didn't find any. Also, I'm on a shared server, so I cannot try a CVS version. My PHP installation info can be found at <a href='http://www.seattletech.com/phpinfo.php'>http://www.seattletech.com/phpinfo.php</a>. Just in case, here was the configure command: './configure' '--with-apxs=/usr/local/apache/bin/apxs' '--with-xml' '--enable-bcmath' '--enable-calendar' '--with-curl' '--enable-ftp' '--with-gd' '--with-jpeg-dir=/usr/local' '--with-png-dir=/usr' '--with-xpm-dir=/usr/X11R6' '--with-gettext' '--with-imap' '--with-imap-ssl' '--with-kerberos' '--with-mcrypt' '--enable-magic-quotes' '--with-mysql' '--enable-discard-path' '--with-pear' '--enable-xslt' '--with-xslt-sablot' '--enable-sockets' '--enable-track-vars' '--with-ttf' '--with-freetype-dir=/usr' '--enable-gd-native-ttf' '--enable-versioning' '--with-zlib' ...and here is the session info: Session Support enabled Registered save handlers files user Directive Local Value Master Value session.auto_start Off Off session.bug_compat_42 On On session.bug_compat_warn On On session.cache_expire 180 180 session.cache_limiter nocache nocache session.cookie_domain no value no value session.cookie_lifetime 0 0 session.cookie_path / / session.cookie_secure Off Off session.entropy_file no value no value session.entropy_length 0 0 session.gc_divisor 100 100 session.gc_maxlifetime 1440 1440 session.gc_probability 1 1 session.name PHPSESSID PHPSESSID session.referer_check no value no value session.save_handler files files session.save_path /tmp /tmp session.serialize_handler php php session.use_cookies On On session.use_only_cookies Off Off session.use_trans_sid On On ...and here is the .htaccess file I'm using: php_value session.save_handler 'user' php_value session.save_path 'php_sessions' php_value auto_prepend_file '/home/seattlet/public_html/registration/mysql_session_handler.php' php_value include_path ".:../" php_flag register_globals off php_flag session.use_trans_sid 1 php_flag log_errors 1 php_value error_log '/home/seattlet/public_html/registration/error_log.txt' php_flag cgi.rfc2616_headers 0 Thanks! - Mike Reproduce code: --------------- <?php session_start(); $_SESSION['id'] = session_id(); print("the session id is: ".$_SESSION['id']); ?> Expected result: ---------------- the session id is: bf76a978c98f980340bcfffe87987e22 Actual result: -------------- the session id is: -- Edit bug report at http://bugs.php.net/?id=29920&edit=1 -- Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=29920&r=trysnapshot4 Try a CVS snapshot (php5.0): http://bugs.php.net/fix.php?id=29920&r=trysnapshot50 Try a CVS snapshot (php5.1): http://bugs.php.net/fix.php?id=29920&r=trysnapshot51 Fixed in CVS: http://bugs.php.net/fix.php?id=29920&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=29920&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=29920&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=29920&r=needscript Try newer version: http://bugs.php.net/fix.php?id=29920&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=29920&r=support Expected behavior: http://bugs.php.net/fix.php?id=29920&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=29920&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=29920&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=29920&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=29920&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=29920&r=dst IIS Stability: http://bugs.php.net/fix.php?id=29920&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=29920&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=29920&r=float