PHP :: Bug #16627 :: SID is empty

Bug #16627

SID is empty

Submitted:

2002-04-16 03:31 UTC

Modified:

2002-04-23 22:01 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

michael dot hockerts at fonetix dot de

Assigned:

Status:

Closed

Package:

Session related

PHP Version:

4.2.0

OS:

Linux 2.4.10

Private report:

CVE-ID:

None

View Developer Edit

[2002-04-16 03:31 UTC] michael dot hockerts at fonetix dot de

<?php
  session_start();
  if ( SID != session_name() . '=' . session_id() ) echo 'shit'; else echo 'my fault';
?>



'./configure' '--with-apxs2=/usr/httpd/sbin/apxs' '--with-mysql' '--with-gd' '--with-jpeg-dir=/usr' '--with-png-dir=/usr/lib' '--with-zlib=yes' '--with-xml' '--with-ttf' '--with-ftp' '--enable-trans-sid' '--enable-track-vars' '--enable-magic-quotes' '--enable-ftp' '--with-config-file-path=/etc/httpd2' '--with-sybase=/usr/freetds' '--with-pdflib=/usr/local' '--with-gettext'

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-04-16 05:03 UTC] hholzgra@php.net

afair SID is only defined when no session cookie was received?

[2002-04-16 05:31 UTC] michael dot hockerts at fonetix dot de

With enabled cookies, it works, but I would have to change the congiguration of 1400 clients to allow cookies.

Cookies are not enabled in my configuration:

session.auto_start		Off
session.cache_expire		180
session.cache_limiter		nocache
session.cookie_domain		no value
session.cookie_lifetime		0
session.cookie_path		/
session.cookie_secure		Off
session.entropy_file		no value
session.entropy_length		0
session.gc_maxlifetime		1440
session.gc_probability		1
session.name			SESSID
session.referer_check		no value
session.save_handler		files
session.save_path		/tmp
session.serialize_handler	php
session.use_cookies		Off
session.use_trans_sid		0

its the same php.ini I used in 4.1.2 and lower.
I also tried the php.ini-dist from RC4

[2002-04-16 05:33 UTC] michael dot hockerts at fonetix dot de

With enabled cookies, it works, but I would have to change the configuration of 1400 clients to allow cookies.

Cookies are not enabled in my serverconfiguration:

session.auto_start		Off
session.cache_expire		180
session.cache_limiter		nocache
session.cookie_domain		no value
session.cookie_lifetime		0
session.cookie_path		/
session.cookie_secure		Off
session.entropy_file		no value
session.entropy_length		0
session.gc_maxlifetime		1440
session.gc_probability		1
session.name			SESSID
session.referer_check		no value
session.save_handler		files
session.save_path		/tmp
session.serialize_handler	php
session.use_cookies		Off
session.use_trans_sid		0

its the same php.ini I used in 4.1.2 and lower.
I also tried the php.ini-dist from RC4

[2002-04-23 21:59 UTC] mmichael at audiogalaxy dot com

We are getting the same error.  It works fine on php 4.1.2, but 4.2.0 blows up.  We do not have sessions trans ID enabled, but I noticed the configuration script no longer recognizes trans-sid.  Not everybody has cookies and php 4.2.0 appears to break sessions for people w/o cookies.

[2002-04-23 22:01 UTC] sniper@php.net

This is fixed in CVS and the fix will be in PHP 4.2.1.

--Jani

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Aug 15 15:00:02 2025 UTC