#39739 [Opn->Bgs]: session_start() doesnt check if there is a duplicate cookie

Tue, 05 Dec 2006 01:59:27 -0800 

 ID:               39739
 Updated by:       [EMAIL PROTECTED]
 Reported By:      cameron dot brunner at gmail dot com
-Status:           Open
+Status:           Bogus
 Bug Type:         Session related
 Operating System: Gentoo Linux
 PHP Version:      5CVS-2006-12-05 (CVS)
 New Comment:

Duplicate of bug #38104.


Previous Comments:
------------------------------------------------------------------------

[2006-12-05 02:59:27] gavin at vess dot com

Also, when using cookies for session id's, and the user agent has no
session cookie, invoking start_session(), later followed by
session_regenerate_id(), we also end up with two session cookies.  The
same occurs with duplicate calls to session_regenerate_id().  Most user
agents only use the last one.

Sure, we could make userland code smarter to avoid regenerating an id,
after session_start() by using session_id() first, but some userland
code requires extensive refactoring -e.g. to eliminate duplicate calls
to session_regenerate_id().

------------------------------------------------------------------------

[2006-12-05 02:50:10] cameron dot brunner at gmail dot com

Description:
------------
php seems to fail to check if there is already a setcookie for the
session in the queue and puts the same thing in again

Reproduce code:
---------------
<?php
ob_start();

session_start();
$id = session_id();

$_SESSION['asdf'] = 123;

var_dump($_SESSION);
session_write_close();

$_SESSION['asdff'] = 234;

var_dump($_SESSION);
session_start($id);

$_SESSION['a'] = 'b';

var_dump($_SESSION);
session_write_close();

var_dump($_SESSION);


Expected result:
----------------
X-Powered-By: PHP/5.2.1-dev
Set-Cookie: PHPSESSID=h00e0fl7o9ilgifoluqh8kdbg1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0,
pre-check=0
Pragma: no-cache
Content-type: text/html

array(1) {
  ["asdf"]=>
  int(123)
}
array(2) {
  ["asdf"]=>
  int(123)
  ["asdff"]=>
  int(234)
}
array(2) {
  ["asdf"]=>
  int(123)
  ["a"]=>
  string(1) "b"
}
array(2) {
  ["asdf"]=>
  int(123)
  ["a"]=>
  string(1) "b"
}


Actual result:
--------------
X-Powered-By: PHP/5.2.1-dev
Set-Cookie: PHPSESSID=h00e0fl7o9ilgifoluqh8kdbg1; path=/
Set-Cookie: PHPSESSID=h00e0fl7o9ilgifoluqh8kdbg1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0,
pre-check=0
Pragma: no-cache
Content-type: text/html

array(1) {
  ["asdf"]=>
  int(123)
}
array(2) {
  ["asdf"]=>
  int(123)
  ["asdff"]=>
  int(234)
}
array(2) {
  ["asdf"]=>
  int(123)
  ["a"]=>
  string(1) "b"
}
array(2) {
  ["asdf"]=>
  int(123)
  ["a"]=>
  string(1) "b"
}



------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=39739&edit=1

Reply via email to