php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #77238 session_set_cookie_params behavior change in PHP 7.2
Submitted: 2018-12-04 18:58 UTC Modified: 2018-12-08 06:26 UTC
From: john at zerocrates dot org Assigned:
Status: Not a bug Package: Session related
PHP Version: 7.2.12 OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: john at zerocrates dot org
New email:
PHP Version: OS:

 

 [2018-12-04 18:58 UTC] john at zerocrates dot org
Description:
------------
Under PHP 7.1, calling session_set_cookie_params with an active session will successfully change the cookie sent to the client, IF session_regenerate_id is called afterward.

In PHP 7.2, calling session_set_cookie_params with an active session emits a warning:

Warning:  session_set_cookie_params(): Cannot change session cookie parameters when session is active

Additionally, the cookie is _not_ changed.

I've seen this described as a change which merely emits warnings informing developers of patterns that never worked in the first place and just failed silently (for example, the comments on #75650), but in this case presumably the function is bailing out after printing the warning, and the actual behavior is changed.

I was unable to find any discussion of this change in the migration documentation for PHP 7.2.

Test script:
---------------
session_start();
$params = session_get_cookie_params();
session_set_cookie_params(100, $params['path'], $params['domain'], $params['secure']);
session_regenerate_id();

// Under 7.1 this emits a Set-Cookie with the 100-second lifetime respected

// Under 7.2, it produces a warning and the Set-Cookie does not respect the new lifetime


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-12-04 19:12 UTC] john at zerocrates dot org
Bug #76358 seems to be a different facet of the same basic problem or change.
 [2018-12-08 06:21 UTC] yohgaki@php.net
-Status: Open +Status: Not a bug
 [2018-12-08 06:21 UTC] yohgaki@php.net
Program must set all parameters for session before activating session from PHP 7.2.
 [2018-12-08 06:26 UTC] yohgaki@php.net
Please refer to PHP 7.2's UPGRADING in the source.

Changning session parameter for active session was the main cause of the session related bugs.
 
PHP Copyright © 2001-2018 The PHP Group
All rights reserved.
Last updated: Tue Dec 11 23:01:25 2018 UTC