PHP :: Bug #64357 :: PHP mangles expires header when session.cache

Bug #64357	PHP mangles expires header when session.cache_limiter is used
Submitted:	2013-03-05 10:34 UTC	Modified:	2013-06-28 03:28 UTC
From:	abxccd at msn dot com	Assigned:
Status:	Closed	Package:	Output Control
PHP Version:	5.4.12	OS:	Ubuntu 12.10
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	abxccd at msn dot com
New email:
PHP Version:		OS:

New Comment:

[2013-03-05 10:34 UTC] abxccd at msn dot com

Description:
------------
If session.cache_limiter in php.ini has any of these values: public, private,  or nocache, the expires header will be mangled if we try to set one at a later stage.

To replication, first, set your session.cache_limiter to private or any of the above values, or do it using session_cache_limiter. Then, run the test script. Then, inspect the response headers with a tool like FireBug.

Test script:
---------------
<?php
header('Expires: Wed, 05 Mar 2014 21:25:41');

Expected result:
----------------
Content-Type	text/html
Date	Tue, 05 Mar 2013 10:25:42 GMT
Expires	Wed, 05 Mar 2014 21:25:41 GMT

Actual result:
--------------
Content-Type	text/html
Date	Tue, 05 Mar 2013 10:30:17 GMT
Expires	Thu, 19 Nov 1981 08:52:00 GMT, Wed, 05 Mar 2014 21:25:41 GMT <---- Mangled

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2013-06-27 22:07 UTC] yohgaki@php.net

-Status: Open +Status: Feedback

[2013-06-27 22:07 UTC] yohgaki@php.net

It seems works for PHP 5.5/5.4 cgi SAPI. What SAPI are you using? You can check 
it by using phpinfo() on your server.

$ ./sapi/cgi/php-cgi 
<?php
session_cache_limiter('private');
header('Expires: Wed, 05 Mar 2014 21:25:41');

X-Powered-By: PHP/5.5.1-dev
Expires: Wed, 05 Mar 2014 21:25:41
Content-type: text/html

$ ./sapi/cgi/php-cgi 
<?php
session_cache_limiter('private');
header('Expires: Wed, 05 Mar 2014 21:25:41');

X-Powered-By: PHP/5.4.18-dev
Expires: Wed, 05 Mar 2014 21:25:41
Content-type: text/html

[2013-06-27 22:11 UTC] yohgaki@php.net

I forgot to session_start(), but it works. Waiting your feedback.

$  ./sapi/cgi/php-cgi 
<?php
session_cache_limiter('private');
session_start();
header('Expires: Wed, 05 Mar 2014 21:25:41');


X-Powered-By: PHP/5.4.18-dev
Set-Cookie: PHPSESSID=f78a61f21785e499ea0a6f27e50176fe; path=/
Cache-Control: private, max-age=10800, pre-check=10800
Expires: Wed, 05 Mar 2014 21:25:41
Content-type: text/html

[2013-06-28 03:28 UTC] abxccd at msn dot com

-Status: Feedback +Status: Closed

[2013-06-28 03:28 UTC] abxccd at msn dot com

I just tested against PHP 5.4.17RC1 on Ubuntu 13.04 64-bit and it seems to be fine.

It must have been fixed somewhere between 5.4.12 and 5.4.17.

Thanks for your help :)

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Mon Oct 27 15:00:01 2025 UTC