Edit report at https://bugs.php.net/bug.php?id=64118&edit=1
ID: 64118 Updated by: ras...@php.net Reported by: chris dot czub at gmail dot com Summary: $_COOKIE not always populating with all cookies Status: Open Type: Bug Package: HTTP related Operating System: Linux 64 bit PHP Version: 5.3.21 Block user comment: N Private report: N New Comment: There is nothing in this bug report for us to go on. And as a data point, the cookie header parsing code hasn't changed in many years and this is the first bug report I can recall suggesting it might somehow not parse cookies correctly. The chances of this being a PHP bug are near nill considering how many millions of servers this works fine on out there. Previous Comments: ------------------------------------------------------------------------ [2013-01-31 17:33:59] chris dot czub at gmail dot com Description: ------------ Seems similar to https://bugs.php.net/bug.php?id=52018 however this application is not using phpBB. Three servers are involved in this issue. We can call them A1, A2, and B. A1 and A2 are running the same application code. They are two staging instances of the same web application. B is another web application. We need to perform a cross-domain AJAX request from the A web application to the B application. We experimented with enabling CORS but had difficulties getting it working satisfactorily in IE <= 8(XDomainRequest doesn't support cookies), so now we are using an nginx proxying rule on the A1/A2 web servers. The flow is therefore: browser ajax request -> A1 or A2 -> nginx proxied -> B B is stateful and requires the user's session cookie to function. What we're seeing is that this works properly when using server A1, but when using server A2, B can't pull out the cookies. I have looked at the headers for the requests coming from A1 and A2 and they are the same. Both have the cookies line in the header, both have the same origin, etc. On B what we see is that $_COOKIE['cloud_session'] is empty when the request comes from A2 but properly filled out when the request comes from A1. The weird thing is that it's only missing pulling one particular cookie key out of the cookies in the header, and only when the request comes from A2. It parses every other cookie in the headers from A2 fine, it just can't parse the user's session cookie for some reason but it can just fine if the request comes from A1. I have used tcpdump and taken pcaps of each of these and diffed them and nothing in the headers looks particularly different. I can include any data that would help diagnose this. The length of the cookie header is only 259 characters in both the failing and successful cases, so it will be underneath the 4KB limitation. Expected result: ---------------- All cookies passed in the Cookie: header should be parsed into $_COOKIE when the request is proxied from server A1 or A2. Actual result: -------------- All cookies passed in the Cookie: header are parsed into $_COOKIE when the request comes from A1, however when the request comes from A2, the session cookie is not set in $_COOKIE but all others are. ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=64118&edit=1
