ID: 43226 Updated by: [EMAIL PROTECTED] Reported By: bnies at bluewin dot ch -Status: Open +Status: Bogus Bug Type: Session related Operating System: Solaris 9 PHP Version: 5.2.4 New Comment:
Sorry, but your problem does not imply a bug in PHP itself. For a list of more appropriate places to ask for help using PHP, please visit http://www.php.net/support.php as this bug system is not the appropriate forum for asking support questions. Due to the volume of reports we can not explain in detail here why your report is not a bug. The support channels will be able to provide an explanation for you. Thank you for your interest in PHP. Sounds like a broken proxy to me, and the argument of a date being off is lame... you should not mess with your computer's time. Previous Comments: ------------------------------------------------------------------------ [2007-11-09 15:31:37] bnies at bluewin dot ch Description: ------------ I'm not sure if it has fixed in PHP 5.2.4 but the problem is there in PHP 5.2.2. If PHP terminates a session with session_unregister(); it sends these HTTP headers to the browser: Set-Cookie: SQMSESSID=deleted; expires=Thu, 09-Nov-2006 13:34:48 GMT; path=/ The 'expires' option is an old option proposed by Netscape. See RFC 2109. We stumbled across a session problem with a proxy software that ignores this 'expires' option and implemented only the new 'Max-Age=0' option. The expires=olddate is also bad, because one can never know what the time on the remote side is. What if it the remote system clock more than one year behind? Could it be a fix to send both cookie expire options to make sure a cookie gets really deleted: Set-Cookie: SQMSESSID=deleted; expires=Thu, 09-Nov-2006 13:34:48 GMT; path=/ Set-Cookie: SQMSESSID=deleted; Max-Age=0; path=/ The problem appeared with the proxy software that ignored cookie deletion and then sent the session cookie with value "deleted" to the application which then treatened the session ID "deleted" as valid session. See here for more details: https://sourceforge.net/tracker/index.php?func=detail&aid=1829025&group_id=311&atid=100311 Best Regards, Bernd Nies ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=43226&edit=1
