php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #36328 Random vhosts and .htaccess configuration leaks
Submitted: 2006-02-08 02:48 UTC Modified: 2006-06-10 23:47 UTC
Votes:7
Avg. Score:5.0 ± 0.0
Reproduced:6 of 6 (100.0%)
Same Version:3 (50.0%)
Same OS:3 (50.0%)
From: technophreak at gammae dot com Assigned:
Status: Not a bug Package: Apache2 related
PHP Version: 5.1.2, Latest CVS OS: Fedora Core 4
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: technophreak at gammae dot com
New email:
PHP Version: OS:

 

 [2006-02-08 02:48 UTC] technophreak at gammae dot com 
Description:
------------
Problem is similar to BUG #25753

I am running Apache 2.0.55

I have seen this bug with PHP 5.0.5 also.

Some configuration gets leaked into random vhosts.

Reproduce code:
---------------
Let's have 3 different web sites using 3 vhosts.

One of those vhost, lets call it vhost A, I set a .htaccess file into the document_root folder:

php_flag session.use_trans_sid on
php_flag session.use_cookies off

-

If I load a page wich has a session ID already set in the cookies in Vhost B or C, the session ID will be changed as if I would load the page with no cookie.

Here is a really simple code: <? print session_id(); ?>

Note: This happens maybe 1 time on 50 so you have to refresh the page a lot of times.


Expected result:
----------------
Should print ALWAYS the same session ID as long as the session doesnt expire.

Actual result:
--------------
Sometimes, the session ID changes because session does not use cookies because the VHOST A .htaccess leaked to VHOST B.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-02-08 15:55 UTC] technophreak at gammae dot com 
Changed the Summary to something people will expect to look for if they have the same problem.
 [2006-02-11 13:23 UTC] sniper@php.net 
Please try using this CVS snapshot:

  http://snaps.php.net/php5.1-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.1-win32-latest.zip
 [2006-02-19 01:00 UTC] php-bugs at lists dot php dot net 
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2006-04-30 21:35 UTC] technophreak at gammae dot com 
I've just tried with BUILD Apr 30 2006 16:49:02 in Latest CVS, same
problem occurs.

Similar bug report: #36257
 [2006-06-09 15:27 UTC] mike@php.net 
Dupe of bug #36257
Please try the next CVS snapshot.
 [2006-06-10 23:47 UTC] technophreak at gammae dot com 
Seems to solve the problem with latest CVS, however, 5.2.0 is not compatible with Zend Optimizer which causes me a problem. When will this fix be included in stable realease ?
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sun Dec 22 02:01:28 2024 UTC