ID: 25934 Updated by: [EMAIL PROTECTED] Reported By: php at webfreezer dot com -Status: Open +Status: Feedback Bug Type: Session related Operating System: SuSe Linux 8.1 PHP Version: 4.3.3 New Comment:
Are you accessing the session ID via globals or do you use $_GET, etc.? This might be same issue as bug #25753 is about. Previous Comments: ------------------------------------------------------------------------ [2003-10-22 03:03:04] php at webfreezer dot com I`ll test the snapshot soon. The following is the content of the .htaccess in the DocumentRoot: php_value register_globals 0 Options -Indexes register_globals must be set to on for the whole server because there are other older websites that require this option so I explicitly have to disable it for the affected website. ------------------------------------------------------------------------ [2003-10-22 02:01:38] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php4-STABLE-latest.tar.gz For Windows: http://snaps.php.net/win32/php4-win32-STABLE-latest.zip And do you set any PHP ini options in your httpd.conf / .htaccess file? (for any vhost) ------------------------------------------------------------------------ [2003-10-21 16:11:03] php at webfreezer dot com No, it is off: session.use_trans_sid = 0 ------------------------------------------------------------------------ [2003-10-21 15:14:18] [EMAIL PROTECTED] You do have "session.use_trans_sid = 1" in your php.ini? ------------------------------------------------------------------------ [2003-10-21 08:37:47] php at webfreezer dot com Description: ------------ PHP sometimes does not want to use the sessionID given via GET! This happens only on some occasions however it is reproducible on such a certain page. I regret that I cannot post a short code snippet because it simply does not happen when testing with a short code snippet. What happens is the following: - the SID is used as a GET parameter (this works on every other page!) - $sidname=session_name(); echo $_GET[$sidname] outputs the correct SID visible in the URL (e.g. "/search.php?page=2&qid=1&sessionID=1291bfd78301f151803ca632cd41f626") - however echo session_id() outputs a totally different SID! - both (old and new) SID files exist and are readable session.auto_start=0 session.use_cookies=0 session.use_only_cookies=0 session.referer_check=0 I even implemented my own session handler and it appears that PHP does not even call the OPEN function for the "old" SID that it no longer wants to use. I also tried to use the generic PHPSESSID name instead of the custom "sessionID" by not setting the custom name, but the problem still exists. This is my configure line: './configure' '--with-apache=../apache_1.3.28' '--with-mhash=/usr/local/lib' '--with-zlib-dir=/usr/local/lib' '--with-zip=/usr/local/lib' '--enable-memory-limit' '--enable-versioning' '--with-gd' '--enable-exif' '--with-config-file-path=/etc' '--enable-magic-quotes' '--enable-thread-safety' '--with-gettext' '--with-xml' '--with-mcrypt' '--enable-calendar' '--enable-bcmath' '--with-curl' '--with-curlwrappers' '--enable-ftp' '--enable-wddx' '--with-jpeg-dir=/usr/lib' ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=25934&edit=1
