Bug #8556 start_session modify the HTTP header
Submitted: 2001-01-04 16:11 UTC Modified: 2001-02-20 15:45 UTC
From: georges dot dagousset at oxios dot fr Assigned:
Status: Closed Package: Session related
PHP Version: 4.0.4 OS: all
Private report: No CVE-ID: None
 [2001-01-04 16:11 UTC] georges dot dagousset at oxios dot fr
This is related to bug #8073

You are right when you said it is necessary to send a header with no-cache when PHP sends a cookie.
But I think it is not normal to change the header when PHP sends no cookie.

So I changed the code:
before
...
 if (send_cookie)
  php_session_send_cookie(PSLS_C);
 
 if (define_sid) {
  char *buf;

  buf = emalloc(strlen(PS(session_name)) + strlen(PS(id)) + 5);
  sprintf(buf, "%s=%s", PS(session_name), PS(id));
  REGISTER_STRING_CONSTANT("SID", buf, 0);
 } else
  REGISTER_STRING_CONSTANT("SID", empty_string, 0);
 PS(define_sid) = define_sid;

 PS(nr_open_sessions)++;

 php_session_cache_limiter(PSLS_C);
 php_session_initialize(PSLS_C);
...

after the change
...
 if (send_cookie) {
  php_session_send_cookie(PSLS_C);
  php_session_cache_limiter(PSLS_C);
 }
 
 if (define_sid) {
  char *buf;

  buf = emalloc(strlen(PS(session_name)) + strlen(PS(id)) + 5);
  sprintf(buf, "%s=%s", PS(session_name), PS(id));
  REGISTER_STRING_CONSTANT("SID", buf, 0);
 } else
  REGISTER_STRING_CONSTANT("SID", empty_string, 0);
 PS(define_sid) = define_sid;

 PS(nr_open_sessions)++;

 php_session_initialize(PSLS_C);
...

With this modification the no-cache header is sent only once. Maybe the modification is made the wrong way!?

Georges Dagousset
France
:-)

 [2001-02-20 15:45 UTC] sas@php.net
Regardless of whether the session id is transmitted by a cookie or the URL, the output of the PHP script is by default supposed to be non-cacheable.

If you think a client can cache the content of the page, change the session.cache_limiter configuration variable appropriately.
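
Added example (not from the bug report or the PHP source): a small Python check for the property stated in the reply above, that output carrying a session id should not be cacheable whether the id travels in a cookie or in the URL. The session name PHPSESSID (PHP's default), the helper names and the sample responses are assumptions constructed for illustration.

```python
import re

SESSION_NAME = "PHPSESSID"  # assumed: PHP's default session.name

def carries_session_id(headers, body):
    """Return 'cookie', 'url' or None depending on how the id is transmitted."""
    for name, value in headers:
        if name.lower() == "set-cookie" and value.strip().startswith(SESSION_NAME + "="):
            return "cookie"
    # URL transport: the SID constant ("name=id") appended to links in the page
    if re.search(r"[?&;]" + re.escape(SESSION_NAME) + r"=[A-Za-z0-9,-]+", body):
        return "url"
    return None

def cache_directives(headers):
    """Collect Cache-Control directive names, lower-cased, without arguments."""
    found = set()
    for name, value in headers:
        if name.lower() == "cache-control":
            for part in value.split(","):
                token = part.strip().split("=", 1)[0].lower()
                if token:
                    found.add(token)
    return found

def audit(headers, body):
    """Flag responses that carry a session id but may be stored by a shared cache."""
    transport = carries_session_id(headers, body)
    if transport is None:
        return "ok: no session id in response"
    # Any of these directives keeps the response out of shared caches
    if cache_directives(headers) & {"no-store", "no-cache", "private"}:
        return "ok: session id via %s, caching restricted" % transport
    return "FLAG: session id via %s, response may be cached" % transport

# Constructed sample responses (not captured traffic).
NOCACHE = [("Cache-Control", "no-store, no-cache, must-revalidate"), ("Pragma", "no-cache")]
COOKIE_RESP = ([("Set-Cookie", "PHPSESSID=abc123; path=/")] + NOCACHE, "<a href='/next.php'>next</a>")
URL_ONLY_RESP = ([("Content-Type", "text/html")], "<a href='/next.php?PHPSESSID=abc123'>next</a>")

if __name__ == "__main__":
    for headers, body in (COOKIE_RESP, URL_ONLY_RESP):
        print(audit(headers, body))
```

URL_ONLY_RESP models the case the reply is concerned with: no cookie is sent, so a cache limiter tied only to the cookie would emit no headers, yet the page body still embeds the session id in its links.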
 