PHP :: Bug #47395 :: session expiration date misformatted

Bug #47395	session expiration date misformatted
Submitted:	2009-02-15 14:58 UTC	Modified:	2009-02-16 11:21 UTC
From:	tdtwisteruk at hotmal dot com	Assigned:
Status:	Not a bug	Package:	Session related
PHP Version:	5.2CVS-2009-02-15 (CVS)	OS:	linux
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	tdtwisteruk at hotmal dot com
New email:
PHP Version:		OS:

New Comment:

[2009-02-15 14:58 UTC] tdtwisteruk at hotmal dot com

Description:
------------
The problem appear to be the wrong formating of the expiration date that cause meny browsers to ignore the session cookie.
I think I have manage to track the bug. It appears to be on the file /ext/session/session.c line 1119. I am currently working on a patch. It should be trivial.

Reproduce code:
---------------
 session_set_cookie_params(
            $lifetime,
            $path,
            $domain,
            $isSecure,
            $httponly
        );
session_start();

Expected result:
----------------
frontend=90b770550657dbe845656805a1e9bfe0; expires=Sun, 15-Feb-09 15:53:53 GMT; path=/magento; domain=localhost; HttpOnly

Actual result:
--------------
frontend=90b770550657dbe845656805a1e9bfe0; expires=Sunday, 15-Feb-09 15:53:53 GMT; path=/magento; domain=localhost; HttpOnly

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-02-15 15:18 UTC] tdtwisteuk at hotmail dot com

The problem appear to be related with the bugfix #31583. quoting NEWS "Fixed bug #31583 (php_std_date() uses short day names in non-y2k_compliance
  mode). (mike at php dot net)"

The php_std_date function is used to form the session date instead of the strcpy_gmt() in the session.c file

[2009-02-15 19:51 UTC] tdtwisteuk at hotmail dot com

It appears that the browser behavior I mention earlyer was caused by domain=localhost attribute, even though I run the page from localhost.
Anyway the cookie expirtion date is different from the session expiration. To fix this change line 1119 in ext/session/session.c to date_fmt = php_format_date("D, d-M-Y H:i:s T", sizeof("D, d-M-Y H:i:s T")-1, t, 0 TSRMLS_CC);

[2009-02-15 21:44 UTC] scottmac@php.net

Pretty sure I fixed this in December, did you really test a CVS snapshot?

http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.44&r2=1.417.2.8.2.45&pathrev=PHP_5_2&view=patch

[2009-02-16 09:00 UTC] tdtwisteruk at hotmail dot com

No the actual test was done in php 5.2.8.

[2009-02-16 09:11 UTC] tdtwisteruk at hotmail dot com

Yes you are actually right. It is fixed on the csv repository.
Sorry I bother you. Next time I will check better.

[2009-02-16 11:21 UTC] felipe@php.net

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Jul 16 22:01:34 2025 UTC