php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #38042 Session destroy/restart not working
Submitted: 2006-07-09 00:35 UTC Modified: 2006-10-21 05:33 UTC
From: ewilde at bsmdevelopment dot com Assigned:
Status: Not a bug Package: Session related
PHP Version: 5.1.4 OS: Windoze 2003
Private report: No CVE-ID: None
View Developer Edit
 [2006-07-09 00:35 UTC] ewilde at bsmdevelopment dot com 
Description:
------------
Session destroy followed by session start appears to no longer start a new session.  The attached code works on 5.1.2 but fails on 5.1.4.

Reproduce code:
---------------
<script language="php">

// Start a new session.  This sends a session cookie.
session_start();

if (strlen(session_id()) > 0)
  {
  // Unset all of the session variables.
  $_SESSION = array();

  // Delete the session cookie.
  if (isset($_COOKIE[session_name()]))
    setcookie(session_name(), '', time()-42000, '/');

  // Finally, destroy the session itself.
  session_destroy();

  // Now, fire up a new session.  This should send another session cookie.
  session_start();
  }

</script>

<html><head>

<title>Session cookie test page</title>

<script type="text/javascript" language="JavaScript1.2">

  function SessionCookieCheck()
  {
  // Look for the start of the session ID cookie in the middle of the cookies
  // string.  If we don't find it there, look for it at the very beginning.
  if ((document.cookie.indexOf('<?php echo "; ".session_name()."=" ?>') == -1)
    && (document.cookie.indexOf('<?php echo session_name()."=" ?>') != 0))
    window.alert('Cookies must be enabled for this site before you can continue!');
  }

</script>

</head>

<body onLoad="SessionCookieCheck();">
<p>Cookie, cookie, who has the cookie?
</body></html>


Expected result:
----------------
From HTTPLook

Set-Cookie: PHPSESSID=a8285938718a2985abb6aefa834c7a2f; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=deleted; expires=Sat, 09-Jul-2005 00:18:22 GMT; path=/
Set-Cookie: PHPSESSID=a8285938718a2985abb6aefa834c7a2f; path=/


Actual result:
--------------
From HTTPLook

First, third, etc. time

Set-Cookie: PHPSESSID=3sfu3fa1q2f564dib6dfqtv202; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=ubjl6940iru1vnel68ha0uvj11; path=/

Second, fourth, etc. time

Set-Cookie: PHPSESSID=deleted; expires=Sat, 09-Jul-2005 00:17:46 GMT; path=/

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-07-09 07:38 UTC] tony2001@php.net 
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php
 [2006-10-21 05:33 UTC] ewilde at bsmdevelopment dot com 
Well Tony, how is it that you don't think this is a bug?

It used to work fine.  As of 5.1.4 it is broken.  Furthermore, the behavior is different every other time.  Is that supposed to be?  And, it screws up the way sessions work.  So, it sure sounds like a bug to me.

I know you're a busy guy but it would be nice if you'd explain a bit about how you don't think this is a bug.

BTW, I know where the documentation is located and I've read it.

Also, I sent you a working sample of code that demonstrates the problem plus a short bit of trace output that shows it happening.  If everyone sent me this kind of documentation with their bug reports I'd be a happy fellow.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Thu Dec 04 16:00:01 2025 UTC