|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2006-05-18 22:18 UTC] bjori@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Mon Oct 27 17:00:01 2025 UTC |
Description: ------------ session_regenerate_id will not really work if any output has been sent to the browser because it can't send the header required. However, even if it fails (and issues a warning), the value returned by session_id() is changed and there then is an inconsistency between session_id() and the actual session id. Reproduced in 4.4.2 and 5.1.2 on OS X 10.4.6 (built from source) Reproduced in 4.4.1 on RedHat 9 Does not fail at all (no header warning and session id is correctly changed) in 5.0.3 on OS X 10.4.5 (package from entropy.ch) Reproduce code: --------------- session.php: <% error_reporting(E_ALL); ini_set('display_errors', true); session_name('my_Sess'); session_start(); $orig_id=session_id(); print "orig: $orig_id<br>"; session_regenerate_id(); $new_id=session_id(); print "new: $new_id<br>"; %> <a href="session.php">go again</a> Expected result: ---------------- If regenerate worked: orig: 1234 new: 2345 <click link> orig: 2345 new: 3456 <click link> orig: 3456 new: 4567 <click link> orig: 4567 new: 5678 If regenerate failed: orig: 1234 new: 1234 <click link> orig: 1234 new: 1234 <click link> orig: 1234 new: 1234 <click link> orig: 1234 new: 1234 Actual result: -------------- When regenerate fails w/ header warning: orig: 1234 new: 2345 <click link> orig: 1234 new: 3456 <click link> orig: 1234 new: 4567 <click link> orig: 1234 new: 5678