Bug #42791 HTML img src tag resets session variable
Submitted: 2007-09-28 17:55 UTC
Modified: 2007-10-07 01:00 UTC
Votes: 11
Avg. Score: 4.2 ± 0.9
Reproduced: 9 of 9 (100.0%)
Same Version: 1 (11.1%)
Same OS: 4 (44.4%)
From: dron007 at yahoo dot com
Assigned:
Status: No Feedback
Package: Session related
PHP Version: 5.2.4
OS: Linux
Private report: No
CVE-ID: None
 [2007-09-28 17:55 UTC] dron007 at yahoo dot com
Description:
------------
There was a bug already posted: http://bugs.php.net/bug.php?id=25966

I also have a similar situation. An IMG tag with an empty src attribute deletes the session variable. Yes, it is an incorrect <IMG> tag, but I spent a lot of time debugging this situation and I was very surprised that HTML code has an influence on PHP variables.



Reproduce code:
---------------
File 1.php:
<?
session_start();
$_SESSION["some_var"] = null;

if (isset($done)) {
  $_SESSION["some_var"] = 1;
        
  header("Location: 2.php");
  die();
}
?>

<a href="1.php?done=1">Goto 2</a>
---------------------------------------
File 2.php:
<?
session_start();
echo 'some_var='.$_SESSION["some_var"].'<br>';
echo '<img src="">';
?>

Expected result:
----------------
I first load file 1.php, then follow the link, which sets the session variable, then I see "some_var=1", which is correct.

If I reload 2.php I expect to see "some_var=1"


Actual result:
--------------
"some_var="

Session variable is destroyed.

 [2007-09-29 02:36 UTC] jani@php.net
With what browser are you trying this? IIRC, there was some issue with IE and broken HTML, and it not sending some headers then.
 [2007-10-01 10:37 UTC] dron007 at inbox dot ru
Yes, that was IE6. With FF and Opera everything works fine. Probably that is a browser issue, but it is a very weird thing, because if I add another session variable that is not nulled, IE shows this variable and doesn't show the nulled one. FF shows both of them. That means that the session cookie is sent in both cases.

Also if I move 
$_SESSION["some_var"] = null;
inside "if" statement it works fine too.
 [2007-10-07 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2007-11-27 16:40 UTC] martin at limitless dot co dot uk
I have recently come across this bug in PHP Version 5.1.4. The code was <img src="#"> that caused the session variables to reset. The system is running Apache 1.3 on Solaris 10. If I can provide any other useful information, just let me know.
 [2008-08-06 05:45 UTC] hardik dot akbari at yahoo dot com
I am facing the same problem in Internet Explorer.
In IE 7, <img src="pathtoimage"> resets session variables.
I am using Apache 2.2.9, PHP 5.2.7-dev.
This seems to be a browser problem rather than a PHP one.
 [2008-08-06 06:01 UTC] hardik dot akbari at etatvasoft dot com
I think this is one of the possible reasons for this bug.
<img src=''> causes IE 7 to reset the PHP session variable.
So put in a check that the src attribute is not blank.
 [2008-10-17 11:30 UTC] bozin at centrum dot cz
I have had this problem too: if the browser could not find an img, it reset the session. I found out that what caused it was this statement in .htaccess:
ErrorDocument 404 http://domain/404.html
If I remove it everything is ok.
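
Added example, not part of the original thread or of PHP itself: one way to implement the check suggested in the comments above, flagging `<img>` tags whose `src` is missing, empty, or fragment-only (the `src=""` and `src="#"` forms reported here). The helper name `find_blank_img_src()` and the sample HTML are constructed for illustration.

```php
<?php
// Added example: flag <img> tags whose src is missing, blank, or fragment-only.
// find_blank_img_src() is a hypothetical helper name; the HTML below is constructed.

function find_blank_img_src(string $html): array
{
    $doc = new DOMDocument();
    // Rendered pages are rarely valid markup; collect parser warnings instead of emitting them.
    $previous = libxml_use_internal_errors(true);
    $doc->loadHTML($html);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $findings = [];
    foreach ($doc->getElementsByTagName('img') as $img) {
        // getAttribute() returns '' for a missing attribute, so one test covers both cases.
        $src = trim($img->getAttribute('src'));
        // A value starting with '#' is only a fragment of the current page's own URL.
        if ($src === '' || $src[0] === '#') {
            $findings[] = [
                'line' => $img->getLineNo(),
                'tag'  => $doc->saveHTML($img),
            ];
        }
    }
    return $findings;
}

// Constructed sample page: two blank forms from this report, one valid image, one with no src.
$sample = <<<HTML
<html><body>
<img src="">
<img src="#">
<img src="/images/logo.png">
<img alt="no src at all">
</body></html>
HTML;

foreach (find_blank_img_src($sample) as $finding) {
    printf("line %d: %s\n", $finding['line'], $finding['tag']);
}
```

Run over rendered output in a test suite, this makes a template change that produces a blank `src` fail before it reaches a browser.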
 
Last updated: Thu Dec 26 15:01:32 2024 UTC