From: napalm at spiderfish dot net Operating system: redhat linux PHP version: 4.3.2 PHP Bug Type: Unknown/Other Function Bug description: strange cookie behaviour
Description: ------------ The problem: - Theoretically Login Page: Checks if one of the cookies variables is set and if so, proceed with the login. Otherwise shows the login form. On submit calls the dologin() function. Login: Access db, register session variables and cookies (if checkbox is checked) -> Redirects to temp.php -> Since the user is logged in, shows the option for logout. Logout: Unsets session variables as well as cookies -> Redirects to temp.php?actID=0 - logout() -> Since the session was destroyed the user is now sent to the login page but this time with a notice that he was sucessfully logged out. - Practically Login: Everything smooth Logout: The unset part goes without any problem and after the redirection the user is sent again to the login page. At this point I can't understand how but the $this->dologin() function is called. The final output will be exactly the same as if the user is logging in for the first time without any notice of the sucessful logout as supposed. -- Strange facts: - I checked if the cookie was set and the answer is NO so how could the dologin function be called??? - Tried to remove the mysql functions from the dologin() and it worked fine. - Tried to comment the "$this->dologin($_COOKIE['sl_reporterid'], $_COOKIE['sl_password'], NULL, 1);" line and guess what, it worked as supposed!??? - If the script dont store any cookies (checkbox !checked) it works ok. I did a great effort to understand what was going and since I could't live without knowing the cause I reported what I think it's some "kind" of bug. Script source: http://projects.spiderfish.net/spylog/temp.txt Working example #1: http://projects.spiderfish.net/spylog/temp.php - with the problem Working example #2: http://projects.spiderfish.net/spylog/temp2.php - without the problem (commented the line that calls the dologin function as refered above) PHP Info: http://projects.spiderfish.net/spylog/phpinfo.php Best Regards Jo�o -- Edit bug report at http://bugs.php.net/?id=24713&edit=1 -- Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=24713&r=trysnapshot4 Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=24713&r=trysnapshot5 Fixed in CVS: http://bugs.php.net/fix.php?id=24713&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=24713&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=24713&r=needtrace Try newer version: http://bugs.php.net/fix.php?id=24713&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=24713&r=support Expected behavior: http://bugs.php.net/fix.php?id=24713&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=24713&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=24713&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=24713&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=24713&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=24713&r=dst IIS Stability: http://bugs.php.net/fix.php?id=24713&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=24713&r=gnused
