php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #64357 PHP mangles expires header when session.cache_limiter is used
Submitted: 2013-03-05 10:34 UTC Modified: 2013-06-28 03:28 UTC
From: abxccd at msn dot com Assigned:
Status: Closed Package: Output Control
PHP Version: 5.4.12 OS: Ubuntu 12.10
Private report: No CVE-ID: None
 [2013-03-05 10:34 UTC] abxccd at msn dot com
Description:
------------
If session.cache_limiter in php.ini has any of these values: public, private,  or nocache, the expires header will be mangled if we try to set one at a later stage.

To replication, first, set your session.cache_limiter to private or any of the above values, or do it using session_cache_limiter. Then, run the test script. Then, inspect the response headers with a tool like FireBug.

Test script:
---------------
<?php
header('Expires: Wed, 05 Mar 2014 21:25:41');

Expected result:
----------------
Content-Type	text/html
Date	Tue, 05 Mar 2013 10:25:42 GMT
Expires	Wed, 05 Mar 2014 21:25:41 GMT

Actual result:
--------------
Content-Type	text/html
Date	Tue, 05 Mar 2013 10:30:17 GMT
Expires	Thu, 19 Nov 1981 08:52:00 GMT, Wed, 05 Mar 2014 21:25:41 GMT <---- Mangled

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-06-27 22:07 UTC] yohgaki@php.net
-Status: Open +Status: Feedback
 [2013-06-27 22:07 UTC] yohgaki@php.net
It seems works for PHP 5.5/5.4 cgi SAPI. What SAPI are you using? You can check 
it by using phpinfo() on your server.

$ ./sapi/cgi/php-cgi 
<?php
session_cache_limiter('private');
header('Expires: Wed, 05 Mar 2014 21:25:41');

X-Powered-By: PHP/5.5.1-dev
Expires: Wed, 05 Mar 2014 21:25:41
Content-type: text/html

$ ./sapi/cgi/php-cgi 
<?php
session_cache_limiter('private');
header('Expires: Wed, 05 Mar 2014 21:25:41');

X-Powered-By: PHP/5.4.18-dev
Expires: Wed, 05 Mar 2014 21:25:41
Content-type: text/html
 [2013-06-27 22:11 UTC] yohgaki@php.net
I forgot to session_start(), but it works. Waiting your feedback.

$  ./sapi/cgi/php-cgi 
<?php
session_cache_limiter('private');
session_start();
header('Expires: Wed, 05 Mar 2014 21:25:41');


X-Powered-By: PHP/5.4.18-dev
Set-Cookie: PHPSESSID=f78a61f21785e499ea0a6f27e50176fe; path=/
Cache-Control: private, max-age=10800, pre-check=10800
Expires: Wed, 05 Mar 2014 21:25:41
Content-type: text/html
 [2013-06-28 03:28 UTC] abxccd at msn dot com
-Status: Feedback +Status: Closed
 [2013-06-28 03:28 UTC] abxccd at msn dot com
I just tested against PHP 5.4.17RC1 on Ubuntu 13.04 64-bit and it seems to be fine.

It must have been fixed somewhere between 5.4.12 and 5.4.17.

Thanks for your help :)
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Oct 08 04:01:28 2024 UTC