From: [EMAIL PROTECTED]
Operating system: server: BSDI BSD/OS 4.1 Kernel #2 Client: Win2000
PHP version: 4.0.4pl1
PHP Bug Type: *Session related
Bug description: IE5.5 SP1: New browser instances displaying same session id
My browser:
IE 5.50.4522.1800 Update Version:; SP1;
When running the script below on different instances of my browser, I see the SAME
session id appear. This does not occur in IE5.0 or Netscape 4.6/4.73 (i.e., I get the
expected behaviour of different session ids appearing).

Please can someone investigate this, since it appears to be a very serious security
issue.

Many thanks,
Dipen

<?
//Start the session.
//This must be called before
//sending any content.
session_start();
//Register a couple of variables
session_register("Name");
session_register("Count");
//Set variable based on form input
if($inputName != "")
{
    $Name = $inputName;
}
//Increment counter with each page load
$Count++;
?>
<HTML>
<HEAD>
<TITLE>Listing 7.6</TITLE>
</HEAD>
<BODY>
<?
//print diagnostic info
print("<B>Diagnostic Information</B><BR>\n");
print("Session Name: " . session_name() . "<BR>\n");
print("Session ID: " . session_id() . "<BR>\n");
print("Session Module Name: " . session_module_name() . "<BR>\n");
print("Session Save Path: " . session_save_path() . "<BR>\n");
print("Encoded Session:" . session_encode() . "<BR>\n");
print("<HR>\n");
if($Name != "")
{
    //escape the user-supplied name before echoing it into HTML
    print("Hello, " . htmlspecialchars($Name) . "!<BR>\n");
}
print("You have viewed this page $Count times!<BR>\n");
//show form for getting name
print("<FORM ACTION=\"$SCRIPT_NAME?".SID."\" METHOD=\"POST\">");
//escape the user-supplied name before placing it in the attribute value
print("<INPUT TYPE=\"text\" NAME=\"inputName\" VALUE=\"" . htmlspecialchars($Name) . "\"><BR>\n");
print("<INPUT TYPE=\"submit\" VALUE=\"Change Name\"><BR>\n");
print("</FORM>");
// added by dk (n.b. $SCRIPT_NAME is apache environment variable)
print("script_name: " . $SCRIPT_NAME . "<BR>\n");
print("SID: " . SID . "<BR>\n");
// ----------------------------------------------
//use a link to reload this page
print("<A HREF=\"$SCRIPT_NAME?".SID."\">Reload</A><BR>\n");
?>
</BODY>
</HTML>
--
Edit Bug report at: http://bugs.php.net/?id=9502&edit=1