php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #26583 PHP in combination with IE6 unable to create valid session-id
Submitted: 2003-12-10 09:25 UTC Modified: 2003-12-18 05:21 UTC
From: peter dot lerner at commerzbank dot com Assigned:
Status: No Feedback Package: Session related
PHP Version: 4.3.4 OS: Sol8 (Apache+PHP) & WinNT (IE6)
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: peter dot lerner at commerzbank dot com
New email:
PHP Version: OS:

 

 [2003-12-10 09:25 UTC] peter dot lerner at commerzbank dot com
Description:
------------
(see also bug #16408, i didn't know how to reopen it!)

I'm running php4.3.4 on apache2 on a solaris8 box.
Browser is Internet Explorer 6.0.2800.1106CO.

When using IE6 as a browser the session info saved as a file in /tmp, uses a file named 'sess_null'.

-rw-------   1 myuid mygid 1535549 Dec 10 12:57 sess_null

When using e.g. Mozilla 1.5 everything is fine, and you find the normal file 'sess_<cryptic sessionid>.

What does the sess_null file mean? IE6 in combination with PHP (sometimes?) is not able to generate a valid session-id.
It means that *everybody* with an IE6 will *share* this session info from session "null".


The problem is *very*critical* for us, because _every_ user who logs on with an IE6 gets user permissions from the sess_null. sess_null could be the admin's session.

Vice versa it's also a problem if the first user to create a sess_null was not-privileged, and the subsequent admin logon is "castrated" to the non-privileged level.




Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-12-10 09:55 UTC] mfischer@php.net
In bug #16408 there's solution posted. Can you verify whether this applies in your case (hostname of the server contains an underscore).
 [2003-12-18 05:21 UTC] sniper@php.net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Dec 22 12:01:30 2024 UTC