php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #25629 session cookie being set to deleted when deleting a session
Submitted: 2003-09-22 12:12 UTC Modified: 2003-09-22 12:22 UTC
From: john at tarot dot com Assigned:
Status: Not a bug Package: Session related
PHP Version: 4.3.1 OS: Linux mike 2.4.19-16mdkenterpris
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: john at tarot dot com
New email:
PHP Version: OS:

 

 [2003-09-22 12:12 UTC] john at tarot dot com 
Description:
------------
We have a session-based app with a very large user base.  Upon closing the session a few users would end up having their session cookie set to 'deleted'.  Upon subsequent visits to the site, users would find that they were logged in as someone else because they were not the only user whose session cookie specified "PHPSESSID=deleted".   I have found a workaround by testing whether the session cookie specifies "PHPSESSID=deleted". when a session read occurs.

Reproduce code:
---------------
function sess_close() {
//close connection
        global $SESS_DBH;
        if( isset($SESS_DBH) )
                $SESS_DBH->close();
        return(true);
}

Expected result:
----------------
I expect the session cookie to be deleted.

Actual result:
--------------
session cookie is set to specify "PHPSESSID=deleted"

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-09-22 12:22 UTC] sniper@php.net 
Too old php version. We're at 4.3.3 already in which many many bugs, including some in ext/session, have been fixed..
And likely it's your app that is doing something wrong anyway.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Thu Dec 18 19:00:01 2025 UTC