|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #26583 PHP in combination with IE6 unable to create valid session-id
Submitted: 2003-12-10 09:25 UTC Modified: 2003-12-18 05:21 UTC
From: peter dot lerner at commerzbank dot com Assigned:
Status: No Feedback Package: Session related
PHP Version: 4.3.4 OS: Sol8 (Apache+PHP) & WinNT (IE6)
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2003-12-10 09:25 UTC] peter dot lerner at commerzbank dot com
(see also bug #16408, i didn't know how to reopen it!)

I'm running php4.3.4 on apache2 on a solaris8 box.
Browser is Internet Explorer 6.0.2800.1106CO.

When using IE6 as a browser the session info saved as a file in /tmp, uses a file named 'sess_null'.

-rw-------   1 myuid mygid 1535549 Dec 10 12:57 sess_null

When using e.g. Mozilla 1.5 everything is fine, and you find the normal file 'sess_<cryptic sessionid>.

What does the sess_null file mean? IE6 in combination with PHP (sometimes?) is not able to generate a valid session-id.
It means that *everybody* with an IE6 will *share* this session info from session "null".

The problem is *very*critical* for us, because _every_ user who logs on with an IE6 gets user permissions from the sess_null. sess_null could be the admin's session.

Vice versa it's also a problem if the first user to create a sess_null was not-privileged, and the subsequent admin logon is "castrated" to the non-privileged level.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2003-12-10 09:55 UTC]
In bug #16408 there's solution posted. Can you verify whether this applies in your case (hostname of the server contains an underscore).
 [2003-12-18 05:21 UTC]
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.

PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Sun Jun 11 00:03:38 2023 UTC