ID: 35233 User updated by: gandalf at flock dot com Reported By: gandalf at flock dot com Status: Bogus Bug Type: Session related Operating System: * PHP Version: 5.0.5 New Comment:
> So the session_name() behaviour is correct. I understand your point of view, but try to understand mine. When a coder works on the session stuff, he can't know about all possible envoirnments where the code will be launched. When he finds session_name function and it's description, he simply uses it to (usually) check if session cookie exists. So it usually will looks like it was in MediaWiki (http://bugzilla.wikimedia.org/show_bug.cgi?id=3990) - in some place they choose session name, and later they simply check if session cookie exists (isset($_COOKIE[session_name()])) - this will work bad if session.auto_start is on. Even more. I have no chance to get the real name. So I'd propose either to document this in session_name docs, and add ability to check the REAL name (for example by providing get_session_name(true) to get the real one)? Previous Comments: ------------------------------------------------------------------------ [2005-11-16 10:24:15] [EMAIL PROTECTED] Why is that a bug? session_name() *does* change the session name, but it's too late, because session has already been started. So the session_name() behaviour is correct. ------------------------------------------------------------------------ [2005-11-16 04:50:54] gandalf at flock dot com Description: ------------ As mentioned in bugs 1988 and 16389 when you set up session.auto_start=true, then you can't play with session_name. It's ok. But if so, then session_name() should return the REAL name, not the false one. It's totally misleading to accept session name change (without an Exception). Reproduce code: --------------- 1) Set session.auto_start=true in php.ini 2) <?php session_name('foo'); session_start(); print('Session name: '.session_name()); ?> Expected result: ---------------- Session name: PHPSESSID Actual result: -------------- Session name: foo 'session_name()' should give the real session cookie name. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=35233&edit=1
