PHP :: Bug #9502 :: IE5.5 SP1: New browser instances displaying same session id

Bug #9502	IE5.5 SP1: New browser instances displaying same session id
Submitted:	2001-02-28 16:36 UTC	Modified:	2001-06-19 20:06 UTC
From:	dipen2001 at hotmail dot com	Assigned:
Status:	Not a bug	Package:	Session related
PHP Version:	4.0.4pl1	OS:	server: BSDI BSD/OS 4.1 Kernel #
Private report:	No	CVE-ID:	None

View Developer Edit

[2001-02-28 16:36 UTC] dipen2001 at hotmail dot com

My browser:
IE 5.50.4522.1800  Update Version:; SP1;

When running the script below on different instances of my browser I get the SAME session id appear.  This does not occur in IE5.0 or Netscape 4.6/4.73 (i.e., I get the expected behaviour of different session ids appearing).
Please can someone investigate this since it appears to be a very serious security issue.

Many Thanks
Dipen

<?
	//Start the session.
	//This must be called before
	//sending any content.
	session_start();

	//Register a couple of variables
	session_register("Name");
	session_register("Count");

	//Set variable based on form input
	if($inputName != "")
	{
		$Name = $inputName;
	}
	
	//Increment counter with each page load
	$Count++;
?>
<HTML>
<HEAD>
<TITLE>Listing 7.6</TITLE>
</HEAD>
<BODY>
<?
	//print diagnostic info
	print("<B>Diagnostic Information</B><BR>\n");
	print("Session Name: " . session_name() . "<BR>\n");
	print("Session ID: " . session_id() . "<BR>\n");
	print("Session Module Name: " . session_module_name() . "<BR>\n");
	print("Session Save Path: " . session_save_path() . "<BR>\n");
	print("Encoded Session:" . session_encode() . "<BR>\n");
	
	print("<HR>\n");
	
	if($Name != "")
	{
		print("Hello, $Name!<BR>\n");
	}
	
	print("You have viewed this page $Count times!<BR>\n");
		
	//show form for getting name
	print("<FORM ACTION=\"$SCRIPT_NAME?".SID."\" METHOD=\"POST\">");	
	print("<INPUT TYPE=\"text\" NAME=\"inputName\" VALUE=\"$Name\"><BR>\n");
	print("<INPUT TYPE=\"submit\" VALUE=\"Change Name\"><BR>\n");	
	print("</FORM>");
	
	// added by dk (n.b. $SCRIPT_NAME is apache environment variable)
	print("script_name:  " . $SCRIPT_NAME . "<BR>\n");
	print("SID:  " . SID . "<BR>\n");
	// ----------------------------------------------
	
	//use a link to reload this page
	print("<A HREF=\"$SCRIPT_NAME?".SID."\">Reload</A><BR>\n");
?>
</BODY>
</HTML>

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2001-06-14 23:24 UTC] sniper@php.net

Of course you get same session id's. Cookies are 
shared between new windows opened from same browser.

[2001-06-15 08:40 UTC] dipen2001 at hotmail dot com

I get the same session id's when I open up DIFFERENT instances of IE.  So, start->Programs->Internet Explorer
MULTIPLE times.

[2001-06-19 20:06 UTC] sniper@php.net

I suggest you report this to Microsoft. As it can not 
by any means be a server side problem. And you said it
yourself, it works with older IE and with NS.

Still bogus.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Tue Oct 28 03:00:02 2025 UTC