Bug #25629 session cookie being set to deleted when deleting a session
Submitted: 2003-09-22 12:12 UTC Modified: 2003-09-22 12:22 UTC
From: john at tarot dot com Assigned:
Status: Not a bug Package: Session related
PHP Version: 4.3.1 OS: Linux mike 2.4.19-16mdkenterpris
Private report: No CVE-ID: None
 [2003-09-22 12:12 UTC] john at tarot dot com
Description:
------------
We have a session-based app with a very large user base. Upon closing the session a few users would end up having their session cookie set to 'deleted'. Upon subsequent visits to the site, users would find that they were logged in as someone else because they were not the only user whose session cookie specified "PHPSESSID=deleted". I have found a workaround by testing whether the session cookie specifies "PHPSESSID=deleted" when a session read occurs.

Reproduce code:
---------------
function sess_close() {
//close connection
        global $SESS_DBH;
        if( isset($SESS_DBH) )
                $SESS_DBH->close();
        return(true);
}

Expected result:
----------------
I expect the session cookie to be deleted.

Actual result:
--------------
session cookie is set to specify "PHPSESSID=deleted" 
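
The workaround described in this report (treating a PHPSESSID of "deleted" as no session at all), generalized to reject any ID the server could not have issued. This is an added example for current PHP, not the reporter's code; it assumes PHP 7.1+ with cookie-only sessions, and `is_usable_session_id()` and `start_session_safely()` are hypothetical helper names.

```php
<?php
// Added example, not code from the bug report.
// Assumption: PHP 7.1+, session.use_only_cookies=1 (the default).

// Hypothetical helper: accept only values shaped like a server-issued ID.
// PHP generates IDs of 22-256 characters from [0-9a-zA-Z,-]; the literal
// "deleted" is checked explicitly because it is the value from this report.
function is_usable_session_id($id): bool
{
    if (!is_string($id) || strcasecmp($id, 'deleted') === 0) {
        return false;
    }
    return preg_match('/^[A-Za-z0-9,-]{22,256}$/', $id) === 1;
}

// Hypothetical helper: start a session without ever adopting a bad client ID.
function start_session_safely(): void
{
    $name      = session_name();           // "PHPSESSID" unless reconfigured
    $presented = $_COOKIE[$name] ?? null;

    if ($presented !== null && !is_usable_session_id($presented)) {
        // Forget the client's value so session_start() issues a fresh ID
        // instead of attaching this visitor to a record shared by everyone
        // who presents the same placeholder value.
        unset($_COOKIE[$name]);
        error_log(sprintf(
            'session: rejected client-supplied id (%d bytes) from %s',
            is_string($presented) ? strlen($presented) : 0,
            $_SERVER['REMOTE_ADDR'] ?? 'cli'
        ));
    }

    // Strict mode refuses well-formed IDs that have no server-side record.
    // A custom save handler (such as the database handler in this report)
    // must implement validateId() for this to take effect.
    ini_set('session.use_strict_mode', '1');
    session_start();
}

start_session_safely();
```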



 [2003-09-22 12:22 UTC] sniper@php.net
Too old PHP version. We're at 4.3.3 already, in which many, many bugs, including some in ext/session, have been fixed.
And likely it's your app that is doing something wrong anyway.
 