PHP :: Request #15960 :: GET-style session fallback -- Incessant asking for cookie

Request #15960	GET-style session fallback -- Incessant asking for cookie
Submitted:	2002-03-08 13:05 UTC	Modified:	2002-03-08 14:19 UTC
From:	nielsene at mit dot edu	Assigned:
Status:	Closed	Package:	Feature/Change Request
PHP Version:	4.1.2	OS:	RH Linux 7.2
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	nielsene at mit dot edu
New email:
PHP Version:		OS:

New Comment:

[2002-03-08 13:05 UTC] nielsene at mit dot edu

This may be a documentation clarification issue, or it may be a session bug.  In either case this seems like the most beneign way to report it.

I've searched the on-line bug and email archives as well as read the annotated documentation and I can't tell if this is the normal, expected behavoir or not:

On page1.php I use session_start(), reject the cookie
follow a link to page2.php (the PHPSESSID was properly appended)

On arrival at page2.php I am again prompted to accept/reject the cookie.  I understand that choosing prompt/always/never is a browser/user decision, but shouldn't session_start detect that a session exists and that the cookie was rejected and not keep bugging the user?  (Is this a bug or a feature request?)

Eric Nielsen

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-03-08 13:44 UTC] sniper@php.net

So you're saying that PHP sends the cookie even
if the PHPSESSID was in the GET request?

This doesn't happen to me with latest CVS..
So you could try a snapshot from http://snaps.php.net/

--Jani

[2002-03-08 13:51 UTC] nielsene at mit dot edu

Sorry, I guess that was less clear than I thought it was.

It appears that if a user has their browser set to Prompt (for cookie acceptance).  PHP will attempt to set the cookie every time session_start is called, causing the browser to pop up the query dialog box (accept/reject cookie?) on every page.  It appears to me this is broken, session_start should be able to tell that a session exists, via existence of a PHPSESSID variable in the GET variables and not try to start a new cookie based session.

Ie once a user has rejected a cookie, that session should stay cookieless, PHP should not try to browbeat the user into accepting the cookie.

[2002-03-08 14:19 UTC] sniper@php.net

..and that's what happens with latest CVS. (and 4.2.0 branch). Try the snapshot.

--Jani

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Jul 23 04:00:03 2025 UTC