PHP :: Bug #21821 :: Unsetting $_COOKIE[session_name()] shouldn't warn, but send new cookie

Bug #21821	Unsetting $_COOKIE[session_name()] shouldn't warn, but send new cookie
Submitted:	2003-01-22 11:43 UTC	Modified:	2003-01-22 19:26 UTC
From:	msopacua@php.net	Assigned:
Status:	Not a bug	Package:	Session related
PHP Version:	4.3.0	OS:	BSD/OS 4.2
Private report:	No	CVE-ID:	None

View Developer Edit

[2003-01-22 11:43 UTC] msopacua@php.net

The following script:
<?php
error_reporting(E_ALL);
if(isset($_COOKIE[session_name()]) && !file_exists(session_save_path(NULL) . '/sess_' . session_id(NULL)))
        unset($_COOKIE[session_name()]);
ini_set('session.use_only_cookies', TRUE);
ini_set('session.cookie_lifetime', 7 * 24 * 3600);
ini_set('session.gc_lifetime', 7 * 24 * 3600);
session_start();
?>
<html>
<body>
<a href="<?php echo $_SERVER['PHP_SELF']; ?>?foo=<?php echo time(); ?>">refresh</a>
<pre>
<?php var_dump($_SESSION); ?>
</pre>
</body>
</html>

<?php
$_SESSION['test'] = 'hi' . $_GET['foo'];
?>

Creates warnings about illegal chars in the session id. However - there is no valid session here, as there is no valid cookie. It should send a new cookie instead, with a new generated session id. However - it sets an empty id:
Set-Cookie: PHPSESSID=; expires=Wed, 29-Jan-2003 17:37:42 GMT; path=/

If I also unset $_SESSION, it doesn't change anything.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-01-22 11:49 UTC] msopacua@php.net

Ahum - NULL (inserted for readibility) apparently is '' not, void.

[2003-01-22 19:26 UTC] sniper@php.net

And this really doesn't work like that..
You can't set/unset cookies by mangling the $_COOKIE[] array anyway.

Please ask support questions elsewhere.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sun Nov 30 11:00:02 2025 UTC