php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #9502 IE5.5 SP1: New browser instances displaying same session id
Submitted: 2001-02-28 16:36 UTC Modified: 2001-06-19 20:06 UTC
From: dipen2001 at hotmail dot com Assigned:
Status: Not a bug Package: Session related
PHP Version: 4.0.4pl1 OS: server: BSDI BSD/OS 4.1 Kernel #
Private report: No CVE-ID: None
 [2001-02-28 16:36 UTC] dipen2001 at hotmail dot com
My browser:
IE 5.50.4522.1800  Update Version:; SP1;

When running the script below on different instances of my browser I get the SAME session id appear.  This does not occur in IE5.0 or Netscape 4.6/4.73 (i.e., I get the expected behaviour of different session ids appearing).
Please can someone investigate this since it appears to be a very serious security issue.

Many Thanks
Dipen

<?
	//Start the session.
	//This must be called before
	//sending any content.
	session_start();

	//Register a couple of variables
	session_register("Name");
	session_register("Count");

	//Set variable based on form input
	if($inputName != "")
	{
		$Name = $inputName;
	}
	
	//Increment counter with each page load
	$Count++;
?>
<HTML>
<HEAD>
<TITLE>Listing 7.6</TITLE>
</HEAD>
<BODY>
<?
	//print diagnostic info
	print("<B>Diagnostic Information</B><BR>\n");
	print("Session Name: " . session_name() . "<BR>\n");
	print("Session ID: " . session_id() . "<BR>\n");
	print("Session Module Name: " . session_module_name() . "<BR>\n");
	print("Session Save Path: " . session_save_path() . "<BR>\n");
	print("Encoded Session:" . session_encode() . "<BR>\n");
	
	print("<HR>\n");
	
	if($Name != "")
	{
		print("Hello, $Name!<BR>\n");
	}
	
	print("You have viewed this page $Count times!<BR>\n");
		
	//show form for getting name
	print("<FORM ACTION=\"$SCRIPT_NAME?".SID."\" METHOD=\"POST\">");	
	print("<INPUT TYPE=\"text\" NAME=\"inputName\" VALUE=\"$Name\"><BR>\n");
	print("<INPUT TYPE=\"submit\" VALUE=\"Change Name\"><BR>\n");	
	print("</FORM>");
	
	// added by dk (n.b. $SCRIPT_NAME is apache environment variable)
	print("script_name:  " . $SCRIPT_NAME . "<BR>\n");
	print("SID:  " . SID . "<BR>\n");
	// ----------------------------------------------
	
	//use a link to reload this page
	print("<A HREF=\"$SCRIPT_NAME?".SID."\">Reload</A><BR>\n");
?>
</BODY>
</HTML>

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-06-14 23:24 UTC] sniper@php.net
Of course you get same session id's. Cookies are 
shared between new windows opened from same browser.

 [2001-06-15 08:40 UTC] dipen2001 at hotmail dot com
I get the same session id's when I open up DIFFERENT instances of IE.  So, start->Programs->Internet Explorer
MULTIPLE times.
 [2001-06-19 20:06 UTC] sniper@php.net
I suggest you report this to Microsoft. As it can not 
by any means be a server side problem. And you said it
yourself, it works with older IE and with NS.

Still bogus.



 
PHP Copyright © 2001-2018 The PHP Group
All rights reserved.
Last updated: Fri Nov 16 11:01:25 2018 UTC