php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #16408 session handling does not work with IE6
Submitted: 2002-04-03 04:16 UTC Modified: 2003-12-10 10:05 UTC
Votes:3
Avg. Score:4.3 ± 0.9
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (50.0%)
From: sb at bpm dot ch Assigned:
Status: Closed Package: Session related
PHP Version: 4.1.1 OS: Windows NT (IIS) & AIX (Apache)
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: sb at bpm dot ch
New email:
PHP Version: OS:

 

 [2002-04-03 04:16 UTC] sb at bpm dot ch
In IE6 we have on some PCs the problem that the session data will not saved:

First page:

session_start();
$User = "root";
session_register(User);

Second page:

session_start();
echo "$User";

Now nothing will displayed...   :-(

This Problem occures only in IE6 an never in IE5.x

Stephan

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-04-03 09:46 UTC] yohgaki@php.net
Hmm. I use IE6+Linux/Apache and I don't have problem.
Could you look into packets using sniffer? and see if there is any difference with IE6 and IE5.

Ehtereal works on a lot of platforms and very easy to use.
http://www.ethereal.com/

 [2002-05-03 13:01 UTC] jan dot vlcinsky at cad-programs dot com
I thing, you forgot to place quotes around variable name
Instead of 
session_register(User); BAD
use
session_register("User"); OK
 [2002-07-10 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2003-12-10 07:22 UTC] peter dot lerner at commerzbank dot com
If the session info is saved as a file, instead of a file called sess_<cryptic session-id>, you will find a file named 'sess_null'.

-rw-------   1 myuid mygid 1535549 Dec 10 12:57 sess_null

I'm running php4.3.4 on apache2 on a solaris8 box.
Browser is Internet Explorer 6.0.2800.1106CO.

Session management troubles happen only with IE6, but runs fine with e.g. Mozilla 1.5.

The problem is *very*critical* for us, because _every_ user who logs on with an IE6 gets user permissions from the sess_null. sess_null could be the admin's session.

Vice versa it's also a problem if the first user to create a sess_null was not-privileged, and the subsequent admin logon is "castrated" to the non-privileged level.
 [2003-12-10 07:28 UTC] sb at bpm dot ch
This problem occures only, if the hostname of the server contains an "_" (underscore). We have changed the hostname now.

Stephan
 [2003-12-10 07:30 UTC] sb at bpm dot ch
this issue can be closed now.
 [2003-12-10 10:05 UTC] derick@php.net
FYI, hostnames with a _ in there are not even allowed. From Appendix 1 of RFC 882:

<domain> ::=  <subdomain> | " "

      <subdomain> ::=  <label> | <subdomain> "." <label>

      <label> ::= <letter> [ [ <ldh-str> ] <let-dig> ]

      <ldh-str> ::= <let-dig-hyp> | <let-dig-hyp> <ldh-str>

      <let-dig-hyp> ::= <let-dig> | "-"

      <let-dig> ::= <letter> | <digit>

      <letter> ::= any one of the 52 alphabetic characters A through Z
      in upper case and a through z in lower case

      <digit> ::= any one of the ten digits 0 through 9
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Dec 22 11:01:30 2024 UTC