php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #36661 Session cannot change cookie_domain through ini_set
Submitted: 2006-03-09 07:54 UTC Modified: 2006-03-12 11:31 UTC
From: joshduck at hotmail dot com Assigned:
Status: Not a bug Package: Session related
PHP Version: 5.1.2 OS: Windows XP
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: joshduck at hotmail dot com
New email:
PHP Version: OS:

 

 [2006-03-09 07:54 UTC] joshduck at hotmail dot com 
Description:
------------
PHP does not accept alternative cookie domains set through either session_set_cookie_params or ini_set.

My test machine runs two sub domains 'www.example.com' and 'alt.example.com'. In my script I have tried to set the cookie domain to '.example.com' (I've also tried 'example.com') so that both domains can access the cookie. When the cookie is sent to the browser the domain is set as the current domain ('www.example.com' or 'alt.example.com') rather than what I specified.

I get the expected behaviour when I set session.cookie_domain in php.ini or when I manually set a cookie.

Reproduce code:
---------------
<?php
session_set_cookie_params(6 * 3600, '/', '.example.com');
session_start();
print_r(session_get_cookie_params()); //Shows correct values
echo ini_get('session.cookie_domain') . '<br />'; //Outputs '.example.com'
echo $_SESSION['blah'] . '<br />';
$_SESSION['blah'] = rand();
?>

php.ini:

session.use_cookies = 1
session.name = PHPSESSID
session.auto_start = 1
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain = 
session.serialize_handler = php
session.cache_expire = 180
session.use_trans_sid = 0
session.hash_function = 0
session.hash_bits_per_character = 5

Expected result:
----------------
Cookie domain (in client): example.com

Actual result:
--------------
Cookie domain (in client): www.example.com

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-03-09 21:11 UTC] mike@php.net 
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.

Must be your webserver changing the header.

If you try your code with the CGI executable you'll see that PHP sends the header as intended.
 [2006-03-10 03:57 UTC] joshduck at hotmail dot com 
Thanks for the feedback mike, however I am running PHP as CGI. Like I said it works fine if set my desired value in php.ini, which suggests to me that it is a problem with PHP.
 [2006-03-10 13:30 UTC] mike@php.net 
I suppose you cleared the cookies in the browser?
Please don't mind, but I *have* to ask that question :)

What does runnung your code with php-cgi.exe on the prompt output?
 [2006-03-12 11:02 UTC] joshduck at hotmail dot com 
Yes, I cleared my cookies. I've just discovered the problem was due to session.auto_start being set to 1. Turning it off gave me the response I wanted. 

Thanks to everyone who left feedback.
 [2006-03-12 11:03 UTC] joshduck at hotmail dot com 
...
 [2006-03-12 11:31 UTC] mike@php.net 
Not a bug -> Bogus.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Jun 01 00:01:32 2024 UTC