PHP :: Bug #24968 :: session_set_cookie_params() affects entire apache process

Bug #24968

session_set_cookie_params() affects entire apache process

Submitted:

2003-08-06 21:58 UTC

Modified:

2003-08-07 07:43 UTC

Votes:	1
Avg. Score:	4.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

lucas at sitepoint dot com

Assigned:

Status:

Not a bug

Package:

Session related

PHP Version:

4.3.2

OS:

Redhat Linux 7.1 (2.4.18)

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	lucas at sitepoint dot com
New email:
PHP Version:		OS:

New Comment:

[2003-08-06 21:58 UTC] lucas at sitepoint dot com

Description:
------------
This function does not work as expected, according to the documentation.  The effect last for longer than the duration of the script.

This bug has been reported previously for prior versions of php, but all cases have been closed.

Reproduce code:
---------------
session_set_cookie_params(86400*365);

Expected result:
----------------
We expect that this code would only affect the lifetime of cookies associated with this script.

As per the documentation:  "The effect of this function only lasts for the duration of the script."

Actual result:
--------------
We have found that this function did not only affect the desired script, but also subsequent requests to other scripts belonging on different virtual servers.

Further investigation showed that this seemed to only happen on a per apache process basis.

We resorted to using .htaccess to set the session.cookie_lifetime value on a per virtual server basis.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-08-07 07:43 UTC] sniper@php.net

Reopen if you can prove that this affects the apache child internally, not the cookie you set. (btw. using different name for different vhosts is usually very good idea..)

It works just fine for me using latest CVS. (no 4.3.2 installed here so I can't test if it doesn't work there)

[2003-08-07 07:43 UTC] sniper@php.net

Correction:

"Using different name for the cookie in different vhosts"

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2026 The PHP Group All rights reserved.	Last updated: Fri Mar 27 05:00:01 2026 UTC