php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #22440 Bug with cookie in CGI not in ISAPI
Submitted: 2003-02-26 10:13 UTC Modified: 2003-05-18 22:46 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: garfield_fr at tiscali dot fr Assigned:
Status: Not a bug Package: CGI/CLI related
PHP Version: 4.3.2-dev OS: Windows 2000 pro SP3
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: garfield_fr at tiscali dot fr
New email:
PHP Version: OS:

 

 [2003-02-26 10:13 UTC] garfield_fr at tiscali dot fr
I don't know if it's a real bug but ....

Config :
Windows 2K pro + SP3
Serveur IIS
PHP 4.3.0
this is my php.ini (full version for testing purpose) :
[PHP]
cgi.force_redirect = 0
cgi.rfc2616_headers = 1
[Session]
session.save_handler = files
session.save_path = "C:\PHP\sessions\"

I'm trying to use PHPNuke 6.0.17 and I found this bug :
When you want to login under PHPNuke you enter your name/password. if your login is ok the script send a cookie and redirect to an URL (your personal page).
With PHP in CGI mode, no cookie are send/receive (?) to the browser (IE6 SP1) and you are not connect to PHPNuke BUT if PHP run in ISAPI mode the cookie is well receive by browser and you are connected to PHPNuke....

I don't test under Apache because I don't know how to run PHP in CGI mode under Apache, but Apache+PHP module work fine (W2K)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-02-26 10:46 UTC] garfield_fr at tiscali dot fr
No change .... same problem ...
PHPNuke doesn't work with CGI but it works with ISAPI ...
 [2003-02-26 10:47 UTC] sniper@php.net
Not enough information was provided for us to be able
to handle this bug. Please re-read the instructions at
http://bugs.php.net/how-to-report.php

If you can provide more information, feel free to add it
to this bug and change the status back to "Open".

Thank you for your interest in PHP.



 [2003-02-27 05:53 UTC] davidfelton at codemasters dot com
I've been experiencing a very similar/the same bug with IIS on windows 2000 and setting cookies using PHP as CGI.

How I set my cookies is as follows:

As there is a bug in IIS that prevents you from setting cookies in conjunction with Header("Location: ...") the filenames of the files that set cookies are preceded with 'nph-' as detailed here:

http://support.microsoft.com/default.aspx?scid=KB;en-us;q176113

so that I can send my own headers. This worked fine in PHP 4.2.3, now with PHP 4.3.2 It just doesn't work and headers are printed out to the screen. Code used is as follows:

function MySetCookie($CkyName, $CkyValue, $exp, $pth, $domain, $Secure)
			{
			$exp = gmstrftime("%A, %d-%b-%Y %H:%M:%S",$exp);
			return "Set-Cookie: Territory=$CkyValue; path=$pth; domain=$domain; expires=$exp";
			}

            $territory="EnglishUK";

		//go to the main page
		Header("HTTP/1.0 302 Redirect");
		Header("Location: http://www.mydomain.com/mainpage.php?territory=$territory");
		//set cookie		
		Header(MySetCookie("Territory",$territory,mktime(0,0,0,date("n"),date("j")+30),"/","mydomain.com",0));

(note this file needs to be saved as 'nph-index.php')

This is an issue with PHP and not ISS.

Thanks.
 [2003-02-27 06:11 UTC] davidfelton at codemasters dot com
Have solved it:
I set cgi.rfc2616_headers in the php.ini to 1. I didn't know about this new setting.

Thanks.
 [2003-02-27 07:59 UTC] garfield_fr at tiscali dot fr
I set cgi.rfc2616_headers = 1 ... and I have no change :(

and I can't modify my script because I do some tests to give PHP to customers ...
 [2003-02-27 08:54 UTC] sniper@php.net
reclassified

 [2003-03-30 06:46 UTC] moriyoshi@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php4-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-STABLE-latest.zip

This bug is likely fixed by a recent patch in CVS, so please try the latest cvs snapshot again.

 [2003-03-30 17:41 UTC] garfield_fr at tiscali dot fr
I try using last CVS snapshot (30 mar 2003).
bug is still here !! setcookie() with header("location: ...") doesn't work ...(test with phpnuke 6.0.17, in login page)
 [2003-03-30 18:43 UTC] garfield_fr at tiscali dot fr
this is a little page to test the bug :
if no cookie are set, click on "setCookie and header" link to set the cookie and redirect to other... cookie are not set !!
tested with 
PHP Version : 4.3.2-RC 
Build Date  : Mar 30 2003 09:11:32


<?php

function SetTheCookie(){
	setcookie("test","TestValue");
}
function set_redir(){
	SetTheCookie();
	header("Location: ".$_SERVER['PHP_SELF']."?op=other");
}
function delcookie(){
	setcookie("test","");	
}
?>
<html>
<head></head>
<body>
Test SetCookie function with Header("Location: ....") function...<br>
<a href="<?= $PHP_SELF; ?>?op=set">just setCookie</a><br/>
<a href="<?= $PHP_SELF; ?>?op=set_redir">setCookie and header("location:...")</a><br/>
<a href="<?= $PHP_SELF; ?>?op=delcookie">delete cookie("location:...")</a><br/>

<?php
echo "\$_GET : <br><xm>";var_dump($_GET);echo "</xmp><br>";

$op = $_GET['op'];
switch ($op){
	case "set" :
		SetTheCookie();
		break;
	case "set_redir" :
		set_redir();
		break;
	case "delcookie" :
		delcookie();
		break;
}
echo "\$_COOKIE : <br><xm>";var_dump($_COOKIE);echo "</xmp><br>";
?>
</body>
</html>
 [2003-05-01 20:21 UTC] sniper@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.


 [2003-05-04 10:59 UTC] garfield_fr at tiscali dot fr
I try with PHP 4.3.2 RC3 dev build date May 4 2003 10:14:20

The bug is still here !!
 [2003-05-18 22:46 UTC] shane@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

I don't know how it could have been 'fixed', this is an IIS issue due to MS's interpretation of the CGI spec and nothing we can do about it.  It has been this way forever.  As was posted before, you can see details at http://support.microsoft.com/default.aspx?scid=KB;en-us;q176113

 [2003-05-18 22:46 UTC] shane@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

I don't know how it could have been 'fixed', this is an IIS issue due to MS's interpretation of the CGI spec and nothing we can do about it.  It has been this way forever.  As was posted before, you can see details at http://support.microsoft.com/default.aspx?scid=KB;en-us;q176113

 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Sun Nov 19 01:31:42 2017 UTC