Bug #9502 IE5.5 SP1: New browser instances displaying same session id
Submitted: 2001-02-28 16:36 UTC
Modified: 2001-06-19 20:06 UTC
From: dipen2001 at hotmail dot com
Assigned:
Status: Not a bug
Package: Session related
PHP Version: 4.0.4pl1
OS: server: BSDI BSD/OS 4.1 Kernel #
Private report: No
CVE-ID: None

 [2001-02-28 16:36 UTC] dipen2001 at hotmail dot com
My browser:
IE 5.50.4522.1800  Update Version:; SP1;

When running the script below on different instances of my browser I get the SAME session id appear.  This does not occur in IE5.0 or Netscape 4.6/4.73 (i.e., I get the expected behaviour of different session ids appearing).
Please can someone investigate this since it appears to be a very serious security issue.

Many Thanks
Dipen

<?
	//Start the session.
	//This must be called before
	//sending any content.
	session_start();

	//Register a couple of variables
	session_register("Name");
	session_register("Count");

	//Set variable based on form input
	if($inputName != "")
	{
		$Name = $inputName;
	}
	
	//Increment counter with each page load
	$Count++;
?>
<HTML>
<HEAD>
<TITLE>Listing 7.6</TITLE>
</HEAD>
<BODY>
<?
	//print diagnostic info
	print("<B>Diagnostic Information</B><BR>\n");
	print("Session Name: " . session_name() . "<BR>\n");
	print("Session ID: " . session_id() . "<BR>\n");
	print("Session Module Name: " . session_module_name() . "<BR>\n");
	print("Session Save Path: " . session_save_path() . "<BR>\n");
	print("Encoded Session:" . session_encode() . "<BR>\n");
	
	print("<HR>\n");
	
	if($Name != "")
	{
		print("Hello, $Name!<BR>\n");
	}
	
	print("You have viewed this page $Count times!<BR>\n");
		
	//show form for getting name
	print("<FORM ACTION=\"$SCRIPT_NAME?".SID."\" METHOD=\"POST\">");	
	print("<INPUT TYPE=\"text\" NAME=\"inputName\" VALUE=\"$Name\"><BR>\n");
	print("<INPUT TYPE=\"submit\" VALUE=\"Change Name\"><BR>\n");	
	print("</FORM>");
	
	// added by dk (n.b. $SCRIPT_NAME is apache environment variable)
	print("script_name:  " . $SCRIPT_NAME . "<BR>\n");
	print("SID:  " . SID . "<BR>\n");
	// ----------------------------------------------
	
	//use a link to reload this page
	print("<A HREF=\"$SCRIPT_NAME?".SID."\">Reload</A><BR>\n");
?>
</BODY>
</HTML>

 [2001-06-14 23:24 UTC] sniper@php.net
Of course you get the same session IDs. Cookies are shared between new windows opened from the same browser.

 [2001-06-15 08:40 UTC] dipen2001 at hotmail dot com
I get the same session IDs when I open up DIFFERENT instances of IE.  So, start->Programs->Internet Explorer MULTIPLE times.
 [2001-06-19 20:06 UTC] sniper@php.net
I suggest you report this to Microsoft, as it cannot by any means be a server-side problem. And you said it yourself: it works with older IE and with NS.

Still bogus.
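
Added example, not part of the original report and not PHP's own code: a small Python model of cookie-based session lookup, showing that the server derives the session ID only from the cookie the client sends, so every window that shares a cookie jar lands in the same session. `SessionServer`, `CookieJar` and `demo` are hypothetical names; `PHPSESSID` is PHP's default session name.

```python
import secrets
from http.cookies import SimpleCookie

SESSION_NAME = "PHPSESSID"  # PHP's default session.name


class SessionServer:
    """Constructed model of a cookie-based session lookup (not PHP's source)."""

    def __init__(self):
        self.store = {}  # session id -> session data

    def handle(self, cookie_header):
        """Process one request; return (session_id, Set-Cookie value or None)."""
        presented = SimpleCookie(cookie_header or "").get(SESSION_NAME)
        if presented is not None and presented.value in self.store:
            # The client named an existing session: the server simply resumes it.
            sid, set_cookie = presented.value, None
        else:
            # No usable cookie: mint a fresh ID. (Simplification of this model:
            # IDs the server never issued are not adopted.)
            sid = secrets.token_hex(16)
            self.store[sid] = {"Count": 0}
            set_cookie = f"{SESSION_NAME}={sid}; Path=/"
        self.store[sid]["Count"] += 1  # mirrors $Count++ in the report's script
        return sid, set_cookie


class CookieJar:
    """Browser-side jar; every window that shares it sends the same cookies."""

    def __init__(self):
        self.cookies = SimpleCookie()

    def request(self, server):
        header = "; ".join(f"{k}={m.value}" for k, m in self.cookies.items())
        sid, set_cookie = server.handle(header)
        if set_cookie:
            self.cookies.load(set_cookie)  # remember the issued session cookie
        return sid


def demo():
    server = SessionServer()
    shared = CookieJar()                    # one jar, used by two windows
    window_a = shared.request(server)
    window_b = shared.request(server)
    separate = CookieJar().request(server)  # a client with its own jar
    return window_a, window_b, separate, server.store[window_a]["Count"]
```

The server side has no notion of a window or browser instance; whether two instances share a jar is decided entirely by the client.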



 