Req #62743 [Opn->Fbk]: Empty, but set session cookies cause warning and cause sessions to not save

Thu, 27 Jun 2013 02:01:14 -0700 

Edit report at https://bugs.php.net/bug.php?id=62743&edit=1

 ID:                 62743
 Updated by:         yohg...@php.net
 Reported by:        brianlm...@php.net
 Summary:            Empty, but set session cookies cause warning and
                     cause sessions to not save
-Status:             Open
+Status:             Feedback
 Type:               Feature/Change Request
 Package:            Session related
 Operating System:   Linux
 PHP Version:        5.3.15
 Block user comment: N
 Private report:     N

 New Comment:

If session cookie is empty string, cookie should be deleted.
Do you mean string looks empty? i.e. '   ' for instance.

If multiple cookie for the same name is set (i.e. set path and/or domain for 
cookie), already existing cookie may not be able to be 
overwritten by new cookie.

Your case sounds like later case. If so, it's the cookie spec and we cannot do 
much and please close this bug report.

We can try to delete all the possible pattern of path and domain for session 
cookie, but I think it's users task.


Previous Comments:
------------------------------------------------------------------------
[2012-08-03 17:40:47] brianlm...@php.net

Description:
------------
If a session cookie is not set, a new session id will be created and all works 
fine. However, if for some reason the session cookie is set, but an empty 
string, session_start() throws a warning and custom session handlers are called 
with an empty session id. In addition, no session cookies are set.

Test script:
---------------
The test script involves setting empty cookies and such. This is the user land 
workaround I am using for now. 

if(isset($_COOKIE[ini_get("session.name")]) && 
empty($_COOKIE[ini_get("session.name")])){
    // The cookie is empty. This is bad.
    unset($_COOKIE[ini_get("session.name")]);
}
session_start();


Expected result:
----------------
An empty session cookie should be treated the same as an unset session cookie.

Actual result:
--------------
Empty session cookies are treated as session ids, but warned and cause sessions 
to not be saved.


------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=62743&edit=1

Reply via email to