PHP :: Bug #8179 :: session.referer

Bug #8179	session.referer_check malfunctions
Submitted:	2000-12-08 16:26 UTC	Modified:	2000-12-15 10:17 UTC
From:	snubber at seahat dot com	Assigned:
Status:	Closed	Package:	Session related
PHP Version:	4.0.3pl1	OS:	Debian 2.2
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2000-12-08 16:26 UTC] snubber at seahat dot com

the session.referer_check option in the php.ini file seems to cause php to restart the session on every page of the same site when enabled.  

If you turn on the referer check, and enable 'warn me before accepting cookies' in netscape you will see PHP setting a cookie for a new session every time session_start() is called.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2000-12-15 10:17 UTC] sniper@php.net

From http://www.php.net/manual/reg.session.php:
---------------------------------------------------------
 session.referer_check contains the substring you want to
 check each HTTP Referer for. If the Referer was sent by
 the client and the substring was not found, the embedded
 session id will be marked as invalid. Defaults to the
 empty string
---------------------------------------------------------

--Jani

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat May 18 23:01:31 2024 UTC