php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #79295 Gecko/Firefox Session Mutation Bug
Submitted: 2020-02-22 08:02 UTC Modified: 2020-02-22 08:15 UTC
From: jab_creations at yahoo dot com Assigned:
Status: Not a bug Package: Session related
PHP Version: 7.3.15 OS: Windows 7/10
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: jab_creations at yahoo dot com
New email:
PHP Version: OS:

 

 [2020-02-22 08:02 UTC] jab_creations at yahoo dot com 
Description:
------------
A major bug that only effects Gecko browsers (e.g. Firefox, Waterfox) refuses to remember the session across page loads. As my software requires a session to view pages visitors afflicted by this bug are unable to access the website at all. In the interim I have setup an error-handler page explaining the technical issue along with displaying the session id so they can see the issue. Most people reload the page until they pass the system tolerance level and they get a nonrelated error for up to half an hour. If you are thoroughly testing the issue I highly recommend a VPN that can generate a lot of different IP addresses to avoid having to wait to resume testing once you've exceeded the system tolerance.

This can be tested at jabcreations.com only with Gecko based browsers.

I have not been able to determine the exact cause of this as this issue as it appeared in the middle of a major project though the issue has naturally gotten progressively worse.

Test script:
---------------
PHP script initiation:

ini_set('session.cookie_secure', 1);
ini_set('session.gc_maxlifetime', 3600);
session_set_cookie_params(3600);
ini_set('session.cookie_httponly', 1);
ini_set('session.cookie_samesite','Strict');
ini_set('session.use_only_cookies', 1);
session_name('session');
session_start();


php.ini settings:

[Session]
session.save_handler = files
session.save_path = "/tmp"
session.use_cookies = 1
session.use_only_cookies = 1
session.auto_start = 0
session.cookie_lifetime = 1800
session.cookie_path = /
session.cookie_domain =
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor = 1000
session.gc_maxlifetime = 1800
session.bug_compat_42 = Off
session.bug_compat_warn = Off
session.referer_check =
session.entropy_length = 0
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.hash_function = 0
session.hash_bits_per_character = 5


Expected result:
----------------
Sessions should not mutate or be lost.

Actual result:
--------------
Gecko browsers mostly forget the generated session and therefore every single request a new session is generated.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-02-22 08:15 UTC] requinix@php.net
-Status: Open +Status: Not a bug
 [2020-02-22 08:15 UTC] requinix@php.net 
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sat Dec 20 13:00:01 2025 UTC