PHP :: Bug #47395 :: session expiration date misformatted

Bug #47395	session expiration date misformatted
Submitted:	2009-02-15 14:58 UTC	Modified:	2009-02-16 11:21 UTC
From:	tdtwisteruk at hotmal dot com	Assigned:
Status:	Not a bug	Package:	Session related
PHP Version:	5.2CVS-2009-02-15 (CVS)	OS:	linux
Private report:	No	CVE-ID:	None

View Developer Edit

[2009-02-15 14:58 UTC] tdtwisteruk at hotmal dot com

Description:
------------
The problem appear to be the wrong formating of the expiration date that cause meny browsers to ignore the session cookie.
I think I have manage to track the bug. It appears to be on the file /ext/session/session.c line 1119. I am currently working on a patch. It should be trivial.

Reproduce code:
---------------
 session_set_cookie_params(
            $lifetime,
            $path,
            $domain,
            $isSecure,
            $httponly
        );
session_start();

Expected result:
----------------
frontend=90b770550657dbe845656805a1e9bfe0; expires=Sun, 15-Feb-09 15:53:53 GMT; path=/magento; domain=localhost; HttpOnly

Actual result:
--------------
frontend=90b770550657dbe845656805a1e9bfe0; expires=Sunday, 15-Feb-09 15:53:53 GMT; path=/magento; domain=localhost; HttpOnly

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-02-15 15:18 UTC] tdtwisteuk at hotmail dot com

The problem appear to be related with the bugfix #31583. quoting NEWS "Fixed bug #31583 (php_std_date() uses short day names in non-y2k_compliance
  mode). (mike at php dot net)"

The php_std_date function is used to form the session date instead of the strcpy_gmt() in the session.c file

[2009-02-15 19:51 UTC] tdtwisteuk at hotmail dot com

It appears that the browser behavior I mention earlyer was caused by domain=localhost attribute, even though I run the page from localhost.
Anyway the cookie expirtion date is different from the session expiration. To fix this change line 1119 in ext/session/session.c to date_fmt = php_format_date("D, d-M-Y H:i:s T", sizeof("D, d-M-Y H:i:s T")-1, t, 0 TSRMLS_CC);

[2009-02-15 21:44 UTC] scottmac@php.net

Pretty sure I fixed this in December, did you really test a CVS snapshot?

http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.44&r2=1.417.2.8.2.45&pathrev=PHP_5_2&view=patch

[2009-02-16 09:00 UTC] tdtwisteruk at hotmail dot com

No the actual test was done in php 5.2.8.

[2009-02-16 09:11 UTC] tdtwisteruk at hotmail dot com

Yes you are actually right. It is fixed on the csv repository.
Sorry I bother you. Next time I will check better.

[2009-02-16 11:21 UTC] felipe@php.net

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Jul 16 21:01:33 2025 UTC