php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #38042 Session destroy/restart not working
Submitted: 2006-07-09 00:35 UTC Modified: 2006-10-21 05:33 UTC
From: ewilde at bsmdevelopment dot com Assigned:
Status: Not a bug Package: Session related
PHP Version: 5.1.4 OS: Windoze 2003
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: ewilde at bsmdevelopment dot com
New email:
PHP Version: OS:

 

 [2006-07-09 00:35 UTC] ewilde at bsmdevelopment dot com
Description:
------------
Session destroy followed by session start appears to no longer start a new session.  The attached code works on 5.1.2 but fails on 5.1.4.

Reproduce code:
---------------
<script language="php">

// Start a new session.  This sends a session cookie.
session_start();

if (strlen(session_id()) > 0)
  {
  // Unset all of the session variables.
  $_SESSION = array();

  // Delete the session cookie.
  if (isset($_COOKIE[session_name()]))
    setcookie(session_name(), '', time()-42000, '/');

  // Finally, destroy the session itself.
  session_destroy();

  // Now, fire up a new session.  This should send another session cookie.
  session_start();
  }

</script>

<html><head>

<title>Session cookie test page</title>

<script type="text/javascript" language="JavaScript1.2">

  function SessionCookieCheck()
  {
  // Look for the start of the session ID cookie in the middle of the cookies
  // string.  If we don't find it there, look for it at the very beginning.
  if ((document.cookie.indexOf('<?php echo "; ".session_name()."=" ?>') == -1)
    && (document.cookie.indexOf('<?php echo session_name()."=" ?>') != 0))
    window.alert('Cookies must be enabled for this site before you can continue!');
  }

</script>

</head>

<body onLoad="SessionCookieCheck();">
<p>Cookie, cookie, who has the cookie?
</body></html>


Expected result:
----------------
From HTTPLook

Set-Cookie: PHPSESSID=a8285938718a2985abb6aefa834c7a2f; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=deleted; expires=Sat, 09-Jul-2005 00:18:22 GMT; path=/
Set-Cookie: PHPSESSID=a8285938718a2985abb6aefa834c7a2f; path=/


Actual result:
--------------
From HTTPLook

First, third, etc. time

Set-Cookie: PHPSESSID=3sfu3fa1q2f564dib6dfqtv202; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=ubjl6940iru1vnel68ha0uvj11; path=/

Second, fourth, etc. time

Set-Cookie: PHPSESSID=deleted; expires=Sat, 09-Jul-2005 00:17:46 GMT; path=/


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-07-09 07:38 UTC] tony2001@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php


 [2006-10-21 05:33 UTC] ewilde at bsmdevelopment dot com
Well Tony, how is it that you don't think this is a bug?

It used to work fine.  As of 5.1.4 it is broken.  Furthermore, the behavior is different every other time.  Is that supposed to be?  And, it screws up the way sessions work.  So, it sure sounds like a bug to me.

I know you're a busy guy but it would be nice if you'd explain a bit about how you don't think this is a bug.

BTW, I know where the documentation is located and I've read it.

Also, I sent you a working sample of code that demonstrates the problem plus a short bit of trace output that shows it happening.  If everyone sent me this kind of documentation with their bug reports I'd be a happy fellow.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Oct 31 22:01:27 2024 UTC