php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #37382 Sessions are dropped randomly with ie7
Submitted: 2006-05-09 14:58 UTC Modified: 2006-05-17 01:00 UTC
Votes:8
Avg. Score:4.9 ± 0.3
Reproduced:7 of 7 (100.0%)
Same Version:2 (28.6%)
Same OS:0 (0.0%)
From: eschultz at lwmc dot com Assigned:
Status: No Feedback Package: Session related
PHP Version: 5.1.4 OS: Server2003 w/ IIS 6
Private report: No CVE-ID: None
View Developer Edit
 [2006-05-09 14:58 UTC] eschultz at lwmc dot com 
Description:
------------
I have developed a web application that uses a session variable that only allows valid users to use any page with in the app.  While beta testing my app with the new IE7 the session variables will be dropped randomly and redirect me to my unauth users page.

Reproduce code:
---------------
if($_SESSION['valid']!="yes")
{
header("Refresh: 0; URL=$folder/unauth_user.php");
exit;
}

Expected result:
----------------
when the session variable 'valid' is not set to yes, the user was never authorized to view this page.  The user should then be redirected to the unauth_user.php page.

Actual result:
--------------
The code is working correctly, the problem is that a valid user will get redirected by accident because the variable resets or loses its value

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-05-09 20:08 UTC] bjori@php.net 
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc.

If possible, make the script source available online and provide
an URL to it here. Try to avoid embedding huge scripts into the report.

Smells like IE bug though
 [2006-05-11 21:18 UTC] richard at elpinto dot com 
Having the same issue using Windows 2000 w/ IIS 5. Must be an IE7 Beta 2 issue.
 [2006-05-13 19:50 UTC] richard at elpinto dot com 
Upon further review, it seems that IE7 Beta 2 has trouble identifying domain greater than 3 directories deep. e.g. most cookes are set to be accessed anywhere within the domain path when set (e.g. "/"), however it seems that IE is not consistent sending the cookie with the request when more than 2 levels deep within the site (e.g. "domain.com/store/cart/payment/") and thus session information is "lost" for that application instance.  Should affect all languages that use sessions - not just PHP I would imagine.
 [2006-05-17 01:00 UTC] php-bugs at lists dot php dot net 
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2006-06-19 14:28 UTC] byron at foundry dot co dot za 
I am experiencing similar symptoms with IE Ver 7.0.5346.5.
URL depth used is only two deep (eg: http://localhost/foo/bar/) and I have implemented MySQL storage for session_save_handler in an attempt to fix the behaviour prior to discovering this bug listing. I have found that simple [root] session variables remain set while complex nested arrays disappear in a seemingly random fashion.

Issue has not occurred with FireFox 1.5.0.4.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Wed Feb 05 07:01:32 2025 UTC