ID: 24781 User updated by: spagmoid at yahoo dot com Reported By: spagmoid at yahoo dot com -Status: Feedback +Status: Open Bug Type: Session related Operating System: All PHP Version: 4.3.2 New Comment:
Sorry, there's no way I can subject our site to this risk again. I just thought I would notify about this problem. I believe what happened was proxy servers started cacheing pages that has SID's in the links. This caused users to start pouring in with identical SID's (different on each proxy, we surmise). It only happened to AOL users. It took 12 hours of hell just to figure out what was going on. Maybe a note in the session section of the manual that this can happen would help.. Previous Comments: ------------------------------------------------------------------------ [2003-07-23 22:13:32] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php4-STABLE-latest.tar.gz For Windows: http://snaps.php.net/win32/php4-win32-STABLE-latest.zip ------------------------------------------------------------------------ [2003-07-23 19:20:57] spagmoid at yahoo dot com Description: ------------ Our SID's have been leaking out today and becoming shared between 5+ users at once, causing massive corruption. Our theory is that session.use_only_cookies does not always work. It sometimes allows the SID to propagate in URL when cookies are disabled (noticed in Netscape not IE for some reason). ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=24781&edit=1
