|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2003-09-22 12:22 UTC] sniper@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Mon Apr 29 12:01:32 2024 UTC |
Description: ------------ We have a session-based app with a very large user base. Upon closing the session a few users would end up having their session cookie set to 'deleted'. Upon subsequent visits to the site, users would find that they were logged in as someone else because they were not the only user whose session cookie specified "PHPSESSID=deleted". I have found a workaround by testing whether the session cookie specifies "PHPSESSID=deleted". when a session read occurs. Reproduce code: --------------- function sess_close() { //close connection global $SESS_DBH; if( isset($SESS_DBH) ) $SESS_DBH->close(); return(true); } Expected result: ---------------- I expect the session cookie to be deleted. Actual result: -------------- session cookie is set to specify "PHPSESSID=deleted"