Is there any reason why session_start should be sending a new
Set-Cookie: name=id on each and every session_start call?  It seems to
me the original functionality of this function would only send a
set-cookie if a valid session didn't already exist and/or was not provided by the client.

These are the changes I believe broke the original functionality of
sending a set-cookie header only when needed:

http://cvs.php.net/viewcvs.cgi/php-src/ext/session/session.c?r1=1.353&r2=1.354

Take a look at

line 1184 on the left
if (PS(send_cookie)) {
     php_session_send_cookie(TSRMLS_C);
}

turned into

php_session_reset_id(TSRMLS_C);

php_session_reset_id() auto calls the send cookie routine.

Should this be default behavior?


To demonstrate the issue I have made a sample script called simpletest.php
--------------------------------------------------
<?php
// Starting a session is the only thing this script does.
session_start();
?>

Here are the request and response headers from 2 calls to the simpletest script.
--------------------------------------------------
http://10.20.1.2/tests/sessions/simpletest.php

GET /tests/sessions/simpletest.php HTTP/1.1
Host: 10.20.1.2
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://10.20.1.2/tests/sessions/
Cache-Control: max-age=0

HTTP/1.x 200 OK
Date: Tue, 04 Apr 2006 18:58:15 GMT
Server: Apache
X-Powered-By: PHP/5.1.1-gentoo
Set-Cookie: PHPSESSID=679449c50fd155c96311bfac50bcec5a; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
----------------------------------------------------------
http://10.20.1.2/tests/sessions/simpletest.php

GET /tests/sessions/simpletest.php HTTP/1.1
Host: 10.20.1.2
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://10.20.1.2/tests/sessions/
Cookie: PHPSESSID=679449c50fd155c96311bfac50bcec5a
Cache-Control: max-age=0

HTTP/1.x 200 OK
Date: Tue, 04 Apr 2006 18:58:19 GMT
Server: Apache
X-Powered-By: PHP/5.1.1-gentoo
Set-Cookie: PHPSESSID=679449c50fd155c96311bfac50bcec5a; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 0
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
----------------------------------------------------------
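
The check made by eye on the two captures above can be automated. The following is an added example, not part of the original post and not PHP's own code: it pairs each request with its response and labels the response's Set-Cookie as new, redundant (same ID the client just sent), rotated (a different ID), or none. The function names and the reduced sample capture are constructed for illustration.

```python
import re
# Constructed sample: the two exchanges from the post, reduced to the session headers.
CAPTURE = """\
GET /tests/sessions/simpletest.php HTTP/1.1

HTTP/1.x 200 OK
Set-Cookie: PHPSESSID=679449c50fd155c96311bfac50bcec5a; path=/

GET /tests/sessions/simpletest.php HTTP/1.1
Cookie: PHPSESSID=679449c50fd155c96311bfac50bcec5a

HTTP/1.x 200 OK
Set-Cookie: PHPSESSID=679449c50fd155c96311bfac50bcec5a; path=/
"""

def parse_blocks(capture):
    # Blank lines separate messages; each block is (start line, {header: [values]}).
    blocks = []
    for raw in re.split(r"\n\s*\n", capture.strip()):
        lines = raw.splitlines()
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers.setdefault(name.strip().lower(), []).append(value.strip())
        blocks.append((lines[0].strip(), headers))
    return blocks

def cookie_value(values, name, first_pair_only=False):
    # Set-Cookie carries the cookie in its first pair; the rest are attributes.
    for value in values:
        parts = value.split(";")
        for part in (parts[:1] if first_pair_only else parts):
            key, _, val = part.strip().partition("=")
            if key == name:
                return val
    return None

def classify(capture, name="PHPSESSID"):
    results, sent = [], None
    for start, headers in parse_blocks(capture):
        if not start.startswith("HTTP/"):  # request: remember the ID presented
            sent = cookie_value(headers.get("cookie", []), name)
            continue
        issued = cookie_value(headers.get("set-cookie", []), name, True)
        if issued is None:
            results.append("none")
        elif sent is None:
            results.append("new")
        else:
            results.append("redundant" if issued == sent else "rotated")
        sent = None
    return results
```

Calling classify(CAPTURE) labels the first response "new" and the second "redundant"; a "rotated" label would instead indicate that the server regenerated the session ID.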
