From: bnies at bluewin dot ch Operating system: Solaris 9 PHP version: 5.2.5 PHP Bug Type: Session related Bug description: PHP Cookie expiration (2)
Description: ------------ Concerning Bug #43226 because it was set to 'bogus' and additional comments are not allowed. First: I did not ask for support. The issue I submitted is concerning the HTTP headers that the PHP function session_unregister() sends to the browser. My suggestion was to send Cookie Expires and Cookie Max-Age together when unregistering a PHP session to make sure that even with broken proxy or browser implementations the session gets terminated. This problem came across a broken proxy implementation that only treated the Max-Age option and ignored the Expires option and then sent the session cookie with the value 'deleted' back to the PHP application which then treated it as a valid session. See: https://sourceforge.net/tracker/index.php?func=detail&aid=1829098&group_id=311&atid=100311 I don't mess with computer's time but some internet users might do this and change the date to use expired software licenses. I don't know if the PHP application or PHP itself sets the cookie expires date to one year in the past. Maybe setting it to 1 January 1980 00:00 GMT is the safest way. Bye, Bernd -- Edit bug report at http://bugs.php.net/?id=43439&edit=1 -- Try a CVS snapshot (PHP 4.4): http://bugs.php.net/fix.php?id=43439&r=trysnapshot44 Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=43439&r=trysnapshot52 Try a CVS snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=43439&r=trysnapshot53 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=43439&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=43439&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=43439&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=43439&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=43439&r=needscript Try newer version: http://bugs.php.net/fix.php?id=43439&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=43439&r=support Expected behavior: http://bugs.php.net/fix.php?id=43439&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=43439&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=43439&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=43439&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=43439&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=43439&r=dst IIS Stability: http://bugs.php.net/fix.php?id=43439&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=43439&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=43439&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=43439&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=43439&r=mysqlcfg