From:             [EMAIL PROTECTED]
Operating system: server: BSDI BSD/OS 4.1 Kernel #2    Client: Win2000
PHP version:      4.0.4pl1
PHP Bug Type:     *Session related
Bug description:  IE5.5 SP1: New browser instances displaying same session id

My browser:
IE 5.50.4522.1800  Update Version:; SP1;

When running the script below on different instances of my browser I get the SAME 
session id appear.  This does not occur in IE5.0 or Netscape 4.6/4.73 (i.e., I get the 
expected behaviour of different session ids appearing).
Please can someone investigate this since it appears to be a very serious security 

Many Thanks

        //Start the session.
        //This must be called before
        //sending any content.

        //Register a couple of variables

        //Set variable based on form input
        if($inputName != "")
                $Name = $inputName;
        //Increment counter with each page load
<TITLE>Listing 7.6</TITLE>
        //print diagnostic info
        print("<B>Diagnostic Information</B><BR>\n");
        print("Session Name: " . session_name() . "<BR>\n");
        print("Session ID: " . session_id() . "<BR>\n");
        print("Session Module Name: " . session_module_name() . "<BR>\n");
        print("Session Save Path: " . session_save_path() . "<BR>\n");
        print("Encoded Session:" . session_encode() . "<BR>\n");
        if($Name != "")
                print("Hello, $Name!<BR>\n");
        print("You have viewed this page $Count times!<BR>\n");
        //show form for getting name
        print("<FORM ACTION=\"$SCRIPT_NAME?".SID."\" METHOD=\"POST\">");        
        print("<INPUT TYPE=\"text\" NAME=\"inputName\" VALUE=\"$Name\"><BR>\n");
        print("<INPUT TYPE=\"submit\" VALUE=\"Change Name\"><BR>\n");   
        // added by dk (n.b. $SCRIPT_NAME is apache environment variable)
        print("script_name:  " . $SCRIPT_NAME . "<BR>\n");
        print("SID:  " . SID . "<BR>\n");
        // ----------------------------------------------
        //use a link to reload this page
        print("<A HREF=\"$SCRIPT_NAME?".SID."\">Reload</A><BR>\n");

Edit Bug report at:

PHP Development Mailing List <>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to