php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #26583 PHP in combination with IE6 unable to create valid session-id
Submitted: 2003-12-10 09:25 UTC Modified: 2003-12-18 05:21 UTC
From: peter dot lerner at commerzbank dot com Assigned:
Status: No Feedback Package: Session related
PHP Version: 4.3.4 OS: Sol8 (Apache+PHP) & WinNT (IE6)
Private report: No CVE-ID: None
View Add Comment Developer Edit
Have you experienced this issue?
Rate the importance of this bug to you:

 [2003-12-10 09:25 UTC] peter dot lerner at commerzbank dot com 
Description:
------------
(see also bug #16408, i didn't know how to reopen it!)

I'm running php4.3.4 on apache2 on a solaris8 box.
Browser is Internet Explorer 6.0.2800.1106CO.

When using IE6 as a browser the session info saved as a file in /tmp, uses a file named 'sess_null'.

-rw-------   1 myuid mygid 1535549 Dec 10 12:57 sess_null

When using e.g. Mozilla 1.5 everything is fine, and you find the normal file 'sess_<cryptic sessionid>.

What does the sess_null file mean? IE6 in combination with PHP (sometimes?) is not able to generate a valid session-id.
It means that *everybody* with an IE6 will *share* this session info from session "null".


The problem is *very*critical* for us, because _every_ user who logs on with an IE6 gets user permissions from the sess_null. sess_null could be the admin's session.

Vice versa it's also a problem if the first user to create a sess_null was not-privileged, and the subsequent admin logon is "castrated" to the non-privileged level.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-12-10 09:55 UTC] mfischer@php.net 
In bug #16408 there's solution posted. Can you verify whether this applies in your case (hostname of the server contains an underscore).
 [2003-12-18 05:21 UTC] sniper@php.net 
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 19 10:01:28 2024 UTC