php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #61562 Remove session.use_only_cookies
Submitted: 2012-03-30 10:04 UTC Modified: 2016-01-15 08:09 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:2 (100.0%)
From: yohgaki@php.net Assigned: yohgaki (profile)
Status: Wont fix Package: Session related
PHP Version: * OS: *
Private report: No CVE-ID: None
View Add Comment Developer Edit
Have you experienced this issue?
Rate the importance of this bug to you:

 [2012-03-30 10:04 UTC] yohgaki@php.net 
Description:
------------
When session.use_trans_sid=on and session.use_only_cookies=off, Trans SID should 
work.

However, current code requires session.use_cookie=off to make Trans SID work.


Test script:
---------------
N/A

Expected result:
----------------
When session.use_trans_sid=on and session.use_only_cookies=off, Trans SID should 
work.


Actual result:
--------------
session.use_cookie=off is needed to make Trans SID work.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-03-30 10:04 UTC] yohgaki@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: yohgaki
 [2012-03-30 10:05 UTC] yohgaki@php.net
-PHP Version: 5.4.0 +PHP Version: 5.4.0/5.3.10
 [2013-06-27 20:02 UTC] arpad@php.net
-Status: Assigned +Status: Open -Type: Bug +Type: Documentation Problem -Assigned To: yohgaki +Assigned To:
 [2013-06-27 20:02 UTC] arpad@php.net 
session.use_cookie=off is not required for trans sid to work, however if  session.use_cookie=on and you have a cookie with the correct name then PHP will use that out of preference.
 [2013-06-28 20:44 UTC] yohgaki@php.net
-Assigned To: +Assigned To: yohgaki
 [2013-08-08 03:12 UTC] yohgaki@php.net 
Thanks Arpad for clarification.

I think session.use_only_cookie should be removed, since it is not needed and 
always cause confusion.

session.use_trans_sid and session.use_cookie should be enough.

If session.use_trans_sid = off and session.use_cookie = off, then session simply 
disabled.
 [2014-07-09 05:58 UTC] yohgaki@php.net
-Summary: session.use_only_cookies does not work +Summary: Remove session.use_only_cookies -Type: Documentation Problem +Type: Feature/Change Request -Operating System: ANY +Operating System: * -PHP Version: 5.4.0/5.3.10 +PHP Version: *
 [2016-01-15 08:09 UTC] yohgaki@php.net
-Status: Assigned +Status: Wont fix
 [2016-01-15 08:09 UTC] yohgaki@php.net 
I decided not to remove use_only_cookies config.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 19 12:01:27 2024 UTC