php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #28301 Multiple session cookies set with same value
Submitted: 2004-05-06 16:42 UTC Modified: 2004-05-07 20:24 UTC
From: o dot gab at anw dot de Assigned:
Status: Not a bug Package: Session related
PHP Version: 4.3.6 OS: Linux 2.4.21 SMP
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: o dot gab at anw dot de
New email:
PHP Version: OS:

 

 [2004-05-06 16:42 UTC] o dot gab at anw dot de 
Description:
------------
Using the PHP sessions, I found a strange behaviour when I accept the session cookie manually (my browser setting: ask for cookies). On some servers, every page containing sesssion_start() tries to set this cookie again and again, with identical name and value. Unfortunately the Internet Explorer accepts this only twice, then it hangs. Mozilla/Netscape/Opera accept cookies without crashing.

This problem refers even to large sites. I can give you examples by mail.

I saw this problem also on apache 2.0.40/PHP 4.2.2 and apache 1.3.26/4.3.0, so there might be other dependencies (OS? Apache?), which I can't reproduce.

My build for apache 1.3.29 / PHP 4.3.6:

'./configure' '--with-mysql=/usr' '--with-apache=../apache_1.3.29' '--enable-track-vars' '--enable-trans-sid' '--with-gd' '--with-jpeg-dir=/usr/lib' '--with-png-dir=/usr/lib' '--with-tiff-dir=/usr/lib' '--with-freetype-dir=/usr/lib' '--with-zlib' '--enable-bcmath' '--with-ftp' '--enable-ftp' '--with-mcrypt' '--with-mhash' '--with-gettext' '--with-config-file-path=/etc'

php.ini with no changes.

There are no error messages in any logfiles (php/apache).

Similar to Bug #26502, but it seems not to be a browser problem as sniper says.


Reproduce code:
---------------
<?
  session_start();
  $var = "any value";
  session_register("var");
  print_r( $HTTP_SESSION_VARS );
?>

Note: The browser setting must be "ask for cookies" to reproduce the behavior.

Expected result:
----------------
At the first page visit, my browser asks me to set the session cookie. I accept. Reloading this page should not try to set the cookie again.

Actual result:
--------------
The cookie is set every page view.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-05-07 17:55 UTC] iliaa@php.net 
Thank you for taking the time to report a problem with PHP.
Unfortunately you are not using a current version of PHP -- 
the problem might already be fixed. Please download a new
PHP version from http://www.php.net/downloads.php

If you are able to reproduce the bug with one of the latest
versions of PHP, please change the PHP version on this bug report
to the version you tested and change the status back to "Open".
Again, thank you for your continued support of PHP.

PHP simply renews the cookie.
 [2004-05-07 20:14 UTC] o dot gab at anw dot de 
I'm using 4.3.6, the latest stable.

Renewing this cookie makes no sense, because it is already set. This non standard behaviour causes problems and should be fixed in a new release.
 [2004-05-07 20:24 UTC] derick@php.net 
This is not a bug, but expected behavior. Saying that IE crashes sounds weird too, as there are PLENTY of websites that use PHP where using IE works fine. No bug -> bogus.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sun May 19 16:01:31 2024 UTC