PHP :: Bug #36328 :: Random vhosts and .htaccess configuration leaks

Bug #36328

Random vhosts and .htaccess configuration leaks

Submitted:

2006-02-08 02:48 UTC

Modified:

2006-06-10 23:47 UTC

Votes:	7
Avg. Score:	5.0 ± 0.0
Reproduced:	6 of 6 (100.0%)
Same Version:	3 (50.0%)
Same OS:	3 (50.0%)

From:

technophreak at gammae dot com

Assigned:

Status:

Not a bug

Package:

Apache2 related

PHP Version:

5.1.2, Latest CVS

OS:

Fedora Core 4

Private report:

CVE-ID:

None

View Developer Edit

[2006-02-08 02:48 UTC] technophreak at gammae dot com

Description:
------------
Problem is similar to BUG #25753

I am running Apache 2.0.55

I have seen this bug with PHP 5.0.5 also.

Some configuration gets leaked into random vhosts.

Reproduce code:
---------------
Let's have 3 different web sites using 3 vhosts.

One of those vhost, lets call it vhost A, I set a .htaccess file into the document_root folder:

php_flag session.use_trans_sid on
php_flag session.use_cookies off

-

If I load a page wich has a session ID already set in the cookies in Vhost B or C, the session ID will be changed as if I would load the page with no cookie.

Here is a really simple code: <? print session_id(); ?>

Note: This happens maybe 1 time on 50 so you have to refresh the page a lot of times.


Expected result:
----------------
Should print ALWAYS the same session ID as long as the session doesnt expire.

Actual result:
--------------
Sometimes, the session ID changes because session does not use cookies because the VHOST A .htaccess leaked to VHOST B.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2006-02-08 15:55 UTC] technophreak at gammae dot com

Changed the Summary to something people will expect to look for if they have the same problem.

[2006-02-11 13:23 UTC] sniper@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php5.1-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.1-win32-latest.zip

[2006-02-19 01:00 UTC] php-bugs at lists dot php dot net

No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

[2006-04-30 21:35 UTC] technophreak at gammae dot com

I've just tried with BUILD Apr 30 2006 16:49:02 in Latest CVS, same
problem occurs.

Similar bug report: #36257

[2006-06-09 15:27 UTC] mike@php.net

Dupe of bug #36257
Please try the next CVS snapshot.

[2006-06-10 23:47 UTC] technophreak at gammae dot com

Seems to solve the problem with latest CVS, however, 5.2.0 is not compatible with Zend Optimizer which causes me a problem. When will this fix be included in stable realease ?

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Dec 21 16:01:28 2024 UTC