php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #25966 HTML img src tag resets session variable
Submitted: 2003-10-23 08:16 UTC Modified: 2003-10-30 20:43 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: kevin at netsmith dot ltd dot uk Assigned:
Status: Not a bug Package: Session related
PHP Version: 4.3.2 OS: Red Hat Linux 7.2
Private report: No CVE-ID: None
View Developer Edit
 [2003-10-23 08:16 UTC] kevin at netsmith dot ltd dot uk 
Description:
------------
My PHP version is 4.3.2-RC2

I have an include file which executes a bunch of PHP code and outputs HTML.  I also store session variables.

I noticed that if I put the following HTML tag inside the include file:

<img src="" height="5" width="5">

My session data gets reset.

Ok, the point here is no one should have an empty image source tag.  When the src is populated, the problem does not occur.


Reproduce code:
---------------
<? include('/path/to/the/file.php'); ?>

Expected result:
----------------
User should continue onto the next page of the website.

Actual result:
--------------
My error checking reports that the user is no longer logged in.  This is due to the session variable being reset by this HTML code.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-10-23 08:18 UTC] kevin at netsmith dot ltd dot uk 
[PHP Modules]
ctype
mysql
overload
pcre
posix
session
standard
tokenizer
xml
 [2003-10-23 22:12 UTC] iliaa@php.net 
Do you have session.use_trans_sid enabled?
 [2003-10-24 04:40 UTC] kevin at netsmith dot ltd dot uk 
The variable is set as follows:

session.use_trans_sid = 0
 [2003-10-30 20:43 UTC] sniper@php.net 
Simply: Don't do that. (browser issue, has nothing to do with PHP)
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Fri Mar 14 07:01:30 2025 UTC