PHP :: Bug #8184 :: session security bug(?)

Bug #8184	session security bug(?)
Submitted:	2000-12-09 12:34 UTC	Modified:	2001-01-30 04:17 UTC
From:	zeles at freemail dot hu	Assigned:
Status:	Closed	Package:	Session related
PHP Version:	4.0.3pl1	OS:	Slackware 7.0
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	zeles at freemail dot hu
New email:
PHP Version:		OS:

New Comment:

[2000-12-09 12:34 UTC] zeles at freemail dot hu

Hi!

A part of my php.ini looks like this:
session.gc_probability    = 100
session.gc_maxlifetime    = 0
session.cache_limiter     = nocache
session.use_cookies       = 0
session.auto_start        = 0 
session.use_trans_sid     = 1
session.cookie_lifetime   = 0

The situation:
the client cuts the URL of the actual page to the clipboard (the URL contains the session-id) and close the browser.
The session file becomes garbage and it will be collected at the next session call - I thought. 
However, when the client opens the browser and pastes the URL into the address line - and there isn't any other session call from another client - PHP lets him in.
If the URL does not contain the session-id everything works fine: the garbage collector collects all of the garbage.

Summary: if the session_start() gets session-id by GET parameter or by a cookie, it doesn't check whether the session file is garbage or not.

I think it's a minor security bug.

Thanks
Zoltan Eles

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2000-12-11 05:29 UTC] stas@php.net

I don't understand something here. Do you really want the
session to be destroyed on each page call? What's the point
in such a "session" anyway then? Could you please explain?

[2001-01-30 04:17 UTC] sniper@php.net

No feedback.

--Jani

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Tue May 06 23:01:28 2025 UTC