php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #9390 PHPSESSID adds itself to $HTTP_POST_VARS
Submitted: 2001-02-21 20:41 UTC Modified: 2001-04-19 09:28 UTC
From: aaron dot lake at kvaerner dot com Assigned:
Status: Closed Package: Session related
PHP Version: 4.0.4pl1 OS: HP-UX 11.00
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: aaron dot lake at kvaerner dot com
New email:
PHP Version: OS:

 

 [2001-02-21 20:41 UTC] aaron dot lake at kvaerner dot com 
Problem:

For some reason PHP adds PHPSESSID to $HTTP_POST_VARS

At login, I use:
session_start():
$sid = session_id();
session_register("sid");
etc.....

2 pages into the session the var PHPSESSID
appears as the first element in the post array.

My app has been been behaving until I started playing with
gc_probability in php.ini.

My identical dev website with identical code does not
reproduce this problem.

Config INFO:

Compile Directives:
'./configure' '--prefix=/../../php_prod' '--with-config_file_path=/../../php_prod/lib' '--with-oci8' '--with-apache=/../../apache_prod' '--enable-track-vars' '--enable-trans-sid' '--enable-ftp'


php.ini session config:

[Session]
session.save_handler = files ;
session.save_path=/usr/local/session    ;                   session.use_cookies       = 0       ; session.name              = PHPSESSID  ;
session.auto_start        = 0       ; session.cookie_lifetime=0   ;                               session.cookie_path =  /
session.serialize_handler = php     ; session.gc_probability    = 1     ; session.gc_maxlifetime    = 1800    ; session.referer_check     =         ; session.entropy_length    = 0       ; session.entropy_file      =         ;  session.entropy_length    = 16
; session.entropy_file      = /dev/urandom
session.cache_limiter= nocache ;                                     ; session.cache_expire      = 180     ; session.use_trans_sid     = 1       ; 

[EOF]

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-03-16 17:37 UTC] sas@php.net 
Since you are using the transparent session id feature, the obvious question is: Do you use forms with method=POST?
 [2001-03-16 17:46 UTC] sniper@php.net 
In php.ini:

url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

Remove the last setting, form=fakeentry.
(or if you don't have this directive in your php.ini,
add it without the last setting.)

--Jani
 [2001-03-19 14:05 UTC] aaron dot lake at kvaerner dot com 
Thanx Jani,

As suggested:

In php.ini:

url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

Remove the last setting, form=fakeentry.
(or if you don't have this directive in your php.ini,
add it without the last setting.)

when i added this conf. directive and bounced the web server, $HTTP_POST_VARS (using the POST method) contained
NO elements.

I added this directive to my identical development environment and noticed no ill effects.
 [2001-03-19 14:12 UTC] sniper@php.net 
Both environments run same php.ini? Same version of PHP?
Same configure line used on building both PHP's?

--Jani
 [2001-03-19 14:13 UTC] aaron dot lake at kvaerner dot com 
Thanx Jani,

As suggested:

In php.ini:

url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

Remove the last setting, form=fakeentry.
(or if you don't have this directive in your php.ini,
add it without the last setting.)

when i added this conf. directive and bounced the web server, $HTTP_POST_VARS (using the POST method) contained
NO elements.

I added this directive to my identical development environment and noticed no ill effects.
 [2001-03-19 14:16 UTC] aaron dot lake at kvaerner dot com 
both production and development environments
are using identical versions and configurations 
of apache web server 1.3.14 and php 4.0.4 pl1,
php.ini config is also identical.
 [2001-03-19 14:24 UTC] aaron dot lake at kvaerner dot com 
Woops!

No it still doesnt work.

Aaron.
 [2001-03-19 14:38 UTC] sniper@php.net 
Stupid question: did you restart your apache after
adding that php.ini directive? And did your restart it 
like this:

./apachectl stop
./apachectl start

(I'm just guessing here.. :)

And does it work on your development environment or not?
(the 'no ill effects'?)

--Jani
 [2001-03-19 14:39 UTC] aaron dot lake at kvaerner dot com 
both production and development environments
are using identical versions and configurations 
of apache web server 1.3.14 and php 4.0.4 pl1,
php.ini config is also identical.
 [2001-03-19 14:43 UTC] aaron dot lake at kvaerner dot com 
Jani,

That is correct,
I did explicitly stop and start the web server
(prod and dev) using the ./apachectl stop ... start.

Dev works fine.

Aaron.
 [2001-03-19 14:50 UTC] sniper@php.net 
I suggest you check that they REALLY are identical.
And I guess you're trying with same scripts? :)

--Jani
 [2001-04-19 09:28 UTC] sniper@php.net 
No feedback. If problem still persists when using PHP 4.0.5,
reopen this bug report.

--Jani
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 19 20:01:29 2024 UTC