|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #9502 IE5.5 SP1: New browser instances displaying same session id
Submitted: 2001-02-28 16:36 UTC Modified: 2001-06-19 20:06 UTC
From: dipen2001 at hotmail dot com Assigned:
Status: Not a bug Package: Session related
PHP Version: 4.0.4pl1 OS: server: BSDI BSD/OS 4.1 Kernel #
Private report: No CVE-ID: None
 [2001-02-28 16:36 UTC] dipen2001 at hotmail dot com
My browser:
IE 5.50.4522.1800  Update Version:; SP1;

When running the script below on different instances of my browser I get the SAME session id appear.  This does not occur in IE5.0 or Netscape 4.6/4.73 (i.e., I get the expected behaviour of different session ids appearing).
Please can someone investigate this since it appears to be a very serious security issue.

Many Thanks

	//Start the session.
	//This must be called before
	//sending any content.

	//Register a couple of variables

	//Set variable based on form input
	if($inputName != "")
		$Name = $inputName;
	//Increment counter with each page load
<TITLE>Listing 7.6</TITLE>
	//print diagnostic info
	print("<B>Diagnostic Information</B><BR>\n");
	print("Session Name: " . session_name() . "<BR>\n");
	print("Session ID: " . session_id() . "<BR>\n");
	print("Session Module Name: " . session_module_name() . "<BR>\n");
	print("Session Save Path: " . session_save_path() . "<BR>\n");
	print("Encoded Session:" . session_encode() . "<BR>\n");
	if($Name != "")
		print("Hello, $Name!<BR>\n");
	print("You have viewed this page $Count times!<BR>\n");
	//show form for getting name
	print("<FORM ACTION=\"$SCRIPT_NAME?".SID."\" METHOD=\"POST\">");	
	print("<INPUT TYPE=\"text\" NAME=\"inputName\" VALUE=\"$Name\"><BR>\n");
	print("<INPUT TYPE=\"submit\" VALUE=\"Change Name\"><BR>\n");	
	// added by dk (n.b. $SCRIPT_NAME is apache environment variable)
	print("script_name:  " . $SCRIPT_NAME . "<BR>\n");
	print("SID:  " . SID . "<BR>\n");
	// ----------------------------------------------
	//use a link to reload this page
	print("<A HREF=\"$SCRIPT_NAME?".SID."\">Reload</A><BR>\n");


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2001-06-14 23:24 UTC]
Of course you get same session id's. Cookies are 
shared between new windows opened from same browser.

 [2001-06-15 08:40 UTC] dipen2001 at hotmail dot com
I get the same session id's when I open up DIFFERENT instances of IE.  So, start->Programs->Internet Explorer
 [2001-06-19 20:06 UTC]
I suggest you report this to Microsoft. As it can not 
by any means be a server side problem. And you said it
yourself, it works with older IE and with NS.

Still bogus.

PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Sun Jul 12 22:01:25 2020 UTC