php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #15158 Session get replaced when moving to other domain
Submitted: 2002-01-22 05:17 UTC Modified: 2002-02-03 19:41 UTC
Votes:2
Avg. Score:4.0 ± 1.0
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:2 (100.0%)
From: miki at canaan dot co dot il Assigned:
Status: Not a bug Package: Session related
PHP Version: 4.1.1 OS: RH7.1
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2002-01-22 05:17 UTC] miki at canaan dot co dot il 
When I move from www.domain.com to secure.domain.com with the PHPSESID in the URL the session from the previous domain continue to work in the new one until the first inner link that does not have the PHPSESID is clicked.

When such link is clicked ( or submitted ) the session_start/register initiate new session to the domain and forget about the old session.

This behavior started after I upgraded to 4.1.1 from 4.0.6.

IMHO
In 4.0.6 the session was accepted for the domain ( as default ) after PHPSESID was delivered but in 4.1.1 its not.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-01-22 05:24 UTC] jan@php.net 
Please check your session.cookie_domain setting (php.ini directive).
 [2002-01-22 05:34 UTC] miki at canaan dot co dot il 
in My 4.0.6 php.ini
cookie_domain =

in My 4.1.1 php.ini
cookie_domain =

Worked very well through all the 4.0.x ver untill the 4.1.1 ( didnt checked the 4.1.0 )
 [2002-02-03 19:41 UTC] yohgaki@php.net 
Cookie will not be sent if domain is changed.  = NOT a bug.
(If it does, it's serious privacy flaw... )

If you are interested in cross domain session, phpbuilder.com had an article about it.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sun May 05 17:01:31 2024 UTC