From: chris dot czub at gmail dot com Operating system: Linux 64 bit PHP version: 5.3.21 Package: HTTP related Bug Type: Bug Bug description:$_COOKIE not always populating with all cookies
Description: ------------ Seems similar to https://bugs.php.net/bug.php?id=52018 however this application is not using phpBB. Three servers are involved in this issue. We can call them A1, A2, and B. A1 and A2 are running the same application code. They are two staging instances of the same web application. B is another web application. We need to perform a cross-domain AJAX request from the A web application to the B application. We experimented with enabling CORS but had difficulties getting it working satisfactorily in IE <= 8(XDomainRequest doesn't support cookies), so now we are using an nginx proxying rule on the A1/A2 web servers. The flow is therefore: browser ajax request -> A1 or A2 -> nginx proxied -> B B is stateful and requires the user's session cookie to function. What we're seeing is that this works properly when using server A1, but when using server A2, B can't pull out the cookies. I have looked at the headers for the requests coming from A1 and A2 and they are the same. Both have the cookies line in the header, both have the same origin, etc. On B what we see is that $_COOKIE['cloud_session'] is empty when the request comes from A2 but properly filled out when the request comes from A1. The weird thing is that it's only missing pulling one particular cookie key out of the cookies in the header, and only when the request comes from A2. It parses every other cookie in the headers from A2 fine, it just can't parse the user's session cookie for some reason but it can just fine if the request comes from A1. I have used tcpdump and taken pcaps of each of these and diffed them and nothing in the headers looks particularly different. I can include any data that would help diagnose this. The length of the cookie header is only 259 characters in both the failing and successful cases, so it will be underneath the 4KB limitation. Expected result: ---------------- All cookies passed in the Cookie: header should be parsed into $_COOKIE when the request is proxied from server A1 or A2. Actual result: -------------- All cookies passed in the Cookie: header are parsed into $_COOKIE when the request comes from A1, however when the request comes from A2, the session cookie is not set in $_COOKIE but all others are. -- Edit bug report at https://bugs.php.net/bug.php?id=64118&edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=64118&r=trysnapshot54 Try a snapshot (PHP 5.3): https://bugs.php.net/fix.php?id=64118&r=trysnapshot53 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=64118&r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=64118&r=fixed Fixed in release: https://bugs.php.net/fix.php?id=64118&r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=64118&r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=64118&r=needscript Try newer version: https://bugs.php.net/fix.php?id=64118&r=oldversion Not developer issue: https://bugs.php.net/fix.php?id=64118&r=support Expected behavior: https://bugs.php.net/fix.php?id=64118&r=notwrong Not enough info: https://bugs.php.net/fix.php?id=64118&r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=64118&r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=64118&r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=64118&r=php4 Daylight Savings: https://bugs.php.net/fix.php?id=64118&r=dst IIS Stability: https://bugs.php.net/fix.php?id=64118&r=isapi Install GNU Sed: https://bugs.php.net/fix.php?id=64118&r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=64118&r=float No Zend Extensions: https://bugs.php.net/fix.php?id=64118&r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=64118&r=mysqlcfg
