php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #61562 Remove session.use_only_cookies
Submitted: 2012-03-30 10:04 UTC Modified: 2016-01-15 08:09 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:2 (100.0%)
From: yohgaki@php.net Assigned: yohgaki (profile)
Status: Wont fix Package: Session related
PHP Version: * OS: *
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: yohgaki@php.net
New email:
PHP Version: OS:

 

 [2012-03-30 10:04 UTC] yohgaki@php.net 
Description:
------------
When session.use_trans_sid=on and session.use_only_cookies=off, Trans SID should 
work.

However, current code requires session.use_cookie=off to make Trans SID work.


Test script:
---------------
N/A

Expected result:
----------------
When session.use_trans_sid=on and session.use_only_cookies=off, Trans SID should 
work.


Actual result:
--------------
session.use_cookie=off is needed to make Trans SID work.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-03-30 10:04 UTC] yohgaki@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: yohgaki
 [2012-03-30 10:05 UTC] yohgaki@php.net
-PHP Version: 5.4.0 +PHP Version: 5.4.0/5.3.10
 [2013-06-27 20:02 UTC] arpad@php.net
-Status: Assigned +Status: Open -Type: Bug +Type: Documentation Problem -Assigned To: yohgaki +Assigned To:
 [2013-06-27 20:02 UTC] arpad@php.net 
session.use_cookie=off is not required for trans sid to work, however if  session.use_cookie=on and you have a cookie with the correct name then PHP will use that out of preference.
 [2013-06-28 20:44 UTC] yohgaki@php.net
-Assigned To: +Assigned To: yohgaki
 [2013-08-08 03:12 UTC] yohgaki@php.net 
Thanks Arpad for clarification.

I think session.use_only_cookie should be removed, since it is not needed and 
always cause confusion.

session.use_trans_sid and session.use_cookie should be enough.

If session.use_trans_sid = off and session.use_cookie = off, then session simply 
disabled.
 [2014-07-09 05:58 UTC] yohgaki@php.net
-Summary: session.use_only_cookies does not work +Summary: Remove session.use_only_cookies -Type: Documentation Problem +Type: Feature/Change Request -Operating System: ANY +Operating System: * -PHP Version: 5.4.0/5.3.10 +PHP Version: *
 [2016-01-15 08:09 UTC] yohgaki@php.net
-Status: Assigned +Status: Wont fix
 [2016-01-15 08:09 UTC] yohgaki@php.net 
I decided not to remove use_only_cookies config.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Thu Jul 10 04:01:34 2025 UTC