ID: 9502
Updated by: sniper
Reported By: [EMAIL PROTECTED]
Status: Bogus
Bug Type: *Session related
Operating system:
PHP Version: 4.0.4pl1
Assigned To:
Comments:
I suggest you report this to Microsoft. As it can not
by any means be a server side problem. And you said it
yourself, it works with older IE and with NS.
Still bogus.
Previous Comments:
---------------------------------------------------------------------------
[2001-06-15 08:40:42] [EMAIL PROTECTED]
I get the same session id's when I open up DIFFERENT instances of IE. So,
start->Programs->Internet Explorer
MULTIPLE times.
---------------------------------------------------------------------------
[2001-06-14 23:24:54] [EMAIL PROTECTED]
Of course you get same session id's. Cookies are
shared between new windows opened from same browser.
---------------------------------------------------------------------------
[2001-02-28 16:36:33] [EMAIL PROTECTED]
My browser:
IE 5.50.4522.1800 Update Version:; SP1;
When running the script below on different instances of my browser I get the SAME
session id appear. This does not occur in IE5.0 or Netscape 4.6/4.73 (i.e., I get the
expected behaviour of different session ids appearing).
Please can someone investigate this since it appears to be a very serious security
issue.
Many Thanks
Dipen
<?
//Start the session.
//This must be called before
//sending any content.
session_start();
//Register a couple of variables
session_register("Name");
session_register("Count");
//Set variable based on form input
if($inputName != "")
{
$Name = $inputName;
}
//Increment counter with each page load
$Count++;
?>
<HTML>
<HEAD>
<TITLE>Listing 7.6</TITLE>
</HEAD>
<BODY>
<?
//print diagnostic info
print("<B>Diagnostic Information</B><BR>n");
print("Session Name: " . session_name() . "<BR>n");
print("Session ID: " . session_id() . "<BR>n");
print("Session Module Name: " . session_module_name() . "<BR>n");
print("Session Save Path: " . session_save_path() . "<BR>n");
print("Encoded Session:" . session_encode() . "<BR>n");
print("<HR>n");
if($Name != "")
{
print("Hello, $Name!<BR>n");
}
print("You have viewed this page $Count times!<BR>n");
//show form for getting name
print("<FORM ACTION="$SCRIPT_NAME?".SID."" METHOD="POST">");
print("<INPUT TYPE="text" NAME="inputName" VALUE="$Name"><BR>n");
print("<INPUT TYPE="submit" VALUE="Change Name"><BR>n");
print("</FORM>");
// added by dk (n.b. $SCRIPT_NAME is apache environment variable)
print("script_name: " . $SCRIPT_NAME . "<BR>n");
print("SID: " . SID . "<BR>n");
// ----------------------------------------------
//use a link to reload this page
print("<A HREF="$SCRIPT_NAME?".SID."">Reload</A><BR>n");
?>
</BODY>
</HTML>
---------------------------------------------------------------------------
ATTENTION! Do NOT reply to this email!
To reply, use the web interface found at http://bugs.php.net/?id=9502&edit=2
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
