php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #80906 session.use_cookies = false still require not sent headers
Submitted: 2021-03-25 14:01 UTC Modified: 2021-03-25 15:28 UTC
Votes:3
Avg. Score:2.3 ± 0.9
Reproduced:0 of 0 (0.0%)
From: sailormax at inbox dot lv Assigned:
Status: Open Package: Session related
PHP Version: 8.0.3 OS: Any
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: sailormax at inbox dot lv
New email:
PHP Version: OS:

 

 [2021-03-25 14:01 UTC] sailormax at inbox dot lv 
Description:
------------
If try to setup session-functions to work without cookies, they still doesn't work when headers have already been sent

Test script:
---------------
<?
  print "foo";
  ini_set("session.use_cookies", 0);
  session_name("myname");
?>

Expected result:
----------------
foo


if user turn off "session.use_cookies", php has not to check headers in ini_set() and in any session-functions.

Actual result:
--------------
foo
Warning: ini_set(): Session ini settings cannot be changed after headers have already been sent in D:\foo.php on line 3

Warning: session_name(): Session name cannot be changed after headers have already been sent in D:\foo.php on line 4

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-03-25 14:07 UTC] rtrtrtrtrt at dfdfdfdf dot dfd 
you simply change the setting way too late
 [2021-03-25 15:28 UTC] cmb@php.net 
I'd rather make session.use_cookies mandatory, than making the
session handling more complex to support this scenario.
 [2021-07-09 08:09 UTC] sailormax at inbox dot lv 
PHP has possibility to setup own handles for work with sessions => he can change it work to solution without cookies => we need session-functions without any checks.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Apr 25 19:01:33 2024 UTC