Bug #26583 PHP in combination with IE6 unable to create valid session-id
Submitted: 2003-12-10 09:25 UTC Modified: 2003-12-18 05:21 UTC
From: peter dot lerner at commerzbank dot com Assigned:
Status: No Feedback Package: Session related
PHP Version: 4.3.4 OS: Sol8 (Apache+PHP) & WinNT (IE6)
Private report: No CVE-ID: None

 
 [2003-12-10 09:25 UTC] peter dot lerner at commerzbank dot com
Description:
------------
(see also bug #16408, I didn't know how to reopen it!)

I'm running php4.3.4 on apache2 on a solaris8 box.
Browser is Internet Explorer 6.0.2800.1106CO.

When using IE6 as a browser the session info saved as a file in /tmp, uses a file named 'sess_null'.

-rw-------   1 myuid mygid 1535549 Dec 10 12:57 sess_null

When using e.g. Mozilla 1.5 everything is fine, and you find the normal file 'sess_<cryptic sessionid>'.

What does the sess_null file mean? IE6 in combination with PHP (sometimes?) is not able to generate a valid session-id.
It means that *everybody* with an IE6 will *share* this session info from session "null".


The problem is *very*critical* for us, because _every_ user who logs on with an IE6 gets user permissions from the sess_null. sess_null could be the admin's session.

Vice versa it's also a problem if the first user to create a sess_null was not-privileged, and the subsequent admin logon is "castrated" to the non-privileged level.




 [2003-12-10 09:55 UTC] mfischer@php.net
In bug #16408 there's a solution posted. Can you verify whether this applies in your case (hostname of the server contains an underscore)?
 [2003-12-18 05:21 UTC] sniper@php.net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.
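
The symptom in this report, a session file named 'sess_null' sitting beside normally named session files, can be checked for on the server. The following is an added example, not code from the report or from PHP: it audits a session directory for files whose ID part is malformed. The 32-hex-character pattern (the MD5-style IDs PHP 4 generates by default), the function names and the sample directory contents are assumptions made for illustration.

```python
import os
import re
import tempfile

# Assumption: session IDs are 32 lowercase hex characters (PHP 4 default, MD5).
# Adjust the pattern if the deployment uses a different ID format.
VALID_ID = re.compile(r"^[0-9a-f]{32}$")
PREFIX = "sess_"


def audit_session_dir(path, valid_id=VALID_ID):
    """Return (filename, size, reason) for session files with a malformed ID."""
    findings = []
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        if not name.startswith(PREFIX) or not os.path.isfile(full):
            continue  # not a session file
        sid = name[len(PREFIX):]
        if valid_id.match(sid):
            continue  # well-formed ID
        if sid.lower() in ("null", "undefined", ""):
            reason = "placeholder or empty value used as session ID"
        else:
            reason = "session ID does not match expected format"
        findings.append((name, os.path.getsize(full), reason))
    return findings


def build_sample_dir():
    """Constructed sample: one well-formed session file and one 'sess_null'."""
    d = tempfile.mkdtemp(prefix="sessaudit_")
    samples = {
        "sess_0123456789abcdef0123456789abcdef": b'user|s:5:"alice";',
        "sess_null": b'user|s:5:"admin";' * 4,
        "unrelated.tmp": b"x",
    }
    for name, data in samples.items():
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(data)
    return d


if __name__ == "__main__":
    for name, size, reason in audit_session_dir(build_sample_dir()):
        print(f"{name}\t{size} bytes\t{reason}")
```

Pointing `audit_session_dir` at the real session save path (here /tmp) lists any shared file such as 'sess_null' together with its size.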


 