ID:               42367
 Updated by:       [EMAIL PROTECTED]
 Reported By:      g dot schuster at laxit dot com
-Status:           Open
+Status:           Bogus
 Bug Type:         Session related
 Operating System: Windows XP Pro SP2
 PHP Version:      5.2.3
 New Comment:

You should sometimes read what is said in the php.ini-dist about the
options. This has always been like this:

; Check HTTP Referer to invalidate externally stored URLs containing ids.
; HTTP_REFERER has to contain this substring for the session to be
; considered as valid.
session.referer_check =

This is NOT some option you turn off/on. To "turn it off" you simply
don't a) set it in php.ini or b) set it with empty value.


Previous Comments:
------------------------------------------------------------------------

[2007-08-21 23:10:34] g dot schuster at laxit dot com

>when a link is clicked
should mean "when a referer is sent"

Sorry for that mistake, been awake for too long.

------------------------------------------------------------------------

[2007-08-21 22:04:07] g dot schuster at laxit dot com

Description:
------------
Keeping track of the session ID fails due to referer_check when a link
is clicked even if session.referer_check is disabled in the global AND in
the local config.
phpinfo() correctly states session.referer_check=0 for both global and
local config.

If you add the URL parameters (NOT the session id parameters!) to the
URL and hit "Enter" everything works fine because, in my case, Firefox
doesn't send a referer.

Problem can be solved if ini_set('session.referer_check', FALSE); is
set in the script.

Reproduce code:
---------------
http://www.laxit.com/tmp_files/phpbug/session_bug.html
http://www.laxit.com/tmp_files/phpbug/phpinfo.html

Expected result:
----------------
Session keeps state and doesn't check for referer if
session.referer_check=0

Actual result:
--------------
session_id($_REQUEST[session_name()]);
session_start();

creates a new session because it doesn't respect the
session.referer_check=0


------------------------------------------------------------------------
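
Added example, not part of the original thread and not PHP's own code: a userland model of the substring rule quoted from php.ini-dist, run against the values discussed in the report. The helper name, the sample URLs and the handling of a missing Referer (taken from the reporter's observation that requests without a Referer work) are assumptions.

```php
<?php
// Model of the session.referer_check rule described in php.ini-dist.
// referer_check_discards_id() is a hypothetical helper, not a PHP API.

function referer_check_discards_id($setting, ?string $referer): bool
{
    // INI values are strings: FALSE and '' become "", but 0 becomes "0".
    $needle = (string) $setting;

    if ($needle === '') {
        return false;   // empty value: the check is not active
    }
    if ($referer === null || $referer === '') {
        return false;   // no Referer sent: nothing to compare against
    }
    // Non-empty value: the Referer must contain it as a substring,
    // otherwise the supplied session id is treated as invalid.
    return strpos($referer, $needle) === false;
}

// Constructed sample requests (example.test is a placeholder host).
$cases = [
    ['0',   'http://example.test/page.html'],    // setting "0", link clicked
    ['0',   null],                               // setting "0", URL typed in
    ['0',   'http://example.test/page10.html'],  // Referer happens to contain "0"
    [false, 'http://example.test/page.html'],    // ini_set(..., FALSE)
    ['',    'http://example.test/page.html'],    // empty value, as in php.ini-dist
    ['example.test', 'http://other.invalid/x'],  // intended use: own host name
];

foreach ($cases as [$setting, $referer]) {
    printf(
        "%-15s %-36s %s\n",
        var_export($setting, true),
        var_export($referer, true),
        referer_check_discards_id($setting, $referer) ? 'new session' : 'session kept'
    );
}
```

Only the empty string disables the check; a value of 0 is stored as the string "0" and is then required to appear in every Referer that is sent.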


-- 
Edit this bug report at http://bugs.php.net/?id=42367&edit=1
