From: Operating system: Linux Debian 5.0.4 PHP version: 5.3.2 Package: HTTP related Bug Type: Bug Bug description:Probable cookie problem with 5.3.2
Description: ------------ There seems to be a problem with PHP 5.3.2: cookies are not working properly in some cases, for example when running PhpBB 3.0.5 (and probably other versions also). The reason **seems** to be that the $_COOKIE super global variable is not always populated with received cookies, and the most visible effect is that the users of my phpBB forum are not able to use the âautomatic logonâ feature of phpBB. However, a simple test case with the setcookie function works properly, so I donât know exactly what kind of cookie can trigger the bug. Downgrading to phpBB 5.2.13 or lower effectively fix the problem. I made multiple tries, using either 5.2.6, 5.2.13 or 5.3.2, either compiled by myself or installed from Debian packages, with or without the Debian security patches, while keeping the same php.ini configuration in all cases, and the result was always the same: - with 5.2.6 or 5.2.13, cookies are handled properly, and phpBB users can use the phpBB's automatic âautomatic logonâ feature. - with 5.3.2, cookies seem to be blocked, $_COOKIE is not populated (except maybe by as many empty strings as the number of expected cookies). The server also uses Apache 2.2.9 and MySQL 5.1.46, and I tried on two different Debian 5.0.4 configurations, one as 32 bits at my home and one as 64 bits in a datacenter. I used Wireshark for network sniffing, so I can tell that cookies are truely present in HTTP headers. I tracked the $_COOKIE variable by adding a "error_log(print_r($_COOKIE, true))" instruction near the beginning of the phpBB common code. Test script: --------------- I'm sorry, I don't know how to make a short test script showing the problem. I tried a short test with setcookie but it worked properly, even with 5.3.2. I suppose that there are some combined interactions within phpBB triggering this problem when they happen altogether. The only procedure that I can suggest is the following: - Install a phpBB server (download from http://www.php.net/) with the default configuration. - Create a user account with any name. - Try to login on this account. Don't forget to check the "Log me on automatically each visit" option when login. - Browse a little inside the forum, check that the connexion is kept by session ID. - Quit your browser, closing all of its Windows. - Reopen the browser, and open again the phpBB forum. Use the root address of the forum, without the session ID parameter. Expected result: ---------------- When opening the forum homepage, login should be already made, kept from previous session. This is what happens with 5.2.6 or 5.2.13. Actual result: -------------- Forum open correctly, but previous login is completely forgotten. This is what happens with 5.3.2. -- Edit bug report at http://bugs.php.net/bug.php?id=52018&edit=1 -- Try a snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=52018&r=trysnapshot52 Try a snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=52018&r=trysnapshot53 Try a snapshot (trunk): http://bugs.php.net/fix.php?id=52018&r=trysnapshottrunk Fixed in SVN: http://bugs.php.net/fix.php?id=52018&r=fixed Fixed in SVN and need be documented: http://bugs.php.net/fix.php?id=52018&r=needdocs Fixed in release: http://bugs.php.net/fix.php?id=52018&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=52018&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=52018&r=needscript Try newer version: http://bugs.php.net/fix.php?id=52018&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=52018&r=support Expected behavior: http://bugs.php.net/fix.php?id=52018&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=52018&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=52018&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=52018&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=52018&r=php4 Daylight Savings: http://bugs.php.net/fix.php?id=52018&r=dst IIS Stability: http://bugs.php.net/fix.php?id=52018&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=52018&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=52018&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=52018&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=52018&r=mysqlcfg
