Newsgroups: php.internals
Message-ID: <4432D542.1000700@smashlabs.com>
Date: Tue, 04 Apr 2006 15:21:22 -0500
To: internals@lists.php.net
Subject: session_start and set-cookie woes
From: ralph@smashlabs.com (Ralph Schindler)

Is there any reason why session_start should be sending a new Set-Cookie: name=id on each and every session_start call?

It seems to me the original functionality of this function would only send a set-cookie if a valid session didn't already exist and/or was not provided by the client.

These are the changes I believe broke the original functionality of sending a set-cookie header only when needed:

http://cvs.php.net/viewcvs.cgi/php-src/ext/session/session.c?r1=1.353&r2=1.354

Take a look at line 1184 on the left:

    if (PS(send_cookie)) {
        php_session_send_cookie(TSRMLS_C);
    }

turned into

    php_session_reset_id(TSRMLS_C);

php_session_reset_id() auto calls the send cookie routine. Should this be default behavior?

To demonstrate the issue I have made a sample script called simpletest.php

--------------------------------------------------

Here are the request and response headers from 2 calls to the simpletest script.

--------------------------------------------------

http://10.20.1.2/tests/sessions/simpletest.php

GET /tests/sessions/simpletest.php HTTP/1.1
Host: 10.20.1.2
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://10.20.1.2/tests/sessions/
Cache-Control: max-age=0

HTTP/1.x 200 OK
Date: Tue, 04 Apr 2006 18:58:15 GMT
Server: Apache
X-Powered-By: PHP/5.1.1-gentoo
Set-Cookie: PHPSESSID=679449c50fd155c96311bfac50bcec5a; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1

----------------------------------------------------------

http://10.20.1.2/tests/sessions/simpletest.php

GET /tests/sessions/simpletest.php HTTP/1.1
Host: 10.20.1.2
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://10.20.1.2/tests/sessions/
Cookie: PHPSESSID=679449c50fd155c96311bfac50bcec5a
Cache-Control: max-age=0

HTTP/1.x 200 OK
Date: Tue, 04 Apr 2006 18:58:19 GMT
Server: Apache
X-Powered-By: PHP/5.1.1-gentoo
Set-Cookie: PHPSESSID=679449c50fd155c96311bfac50bcec5a; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 0
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1

----------------------------------------------------------
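
The behaviour shown in the two exchanges above can be checked mechanically from captured headers. The following Python script is an added example, not part of the original message or of php-src; the function names are hypothetical and the sample header blocks are constructed, trimmed down from the headers quoted in the message.

```python
from http.cookies import SimpleCookie

def parse_headers(raw):
    """Split a raw header block into (start_line, [(lowercased name, value), ...])."""
    lines = [ln.strip() for ln in raw.strip().splitlines() if ln.strip()]
    headers = []
    for ln in lines[1:]:
        name, _, value = ln.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers

def cookies_from(headers, field):
    """Collect cookie name -> value from every 'cookie' or 'set-cookie' field."""
    jar = {}
    for name, value in headers:
        if name == field:
            parsed = SimpleCookie()
            parsed.load(value)
            for key, morsel in parsed.items():
                jar[key] = morsel.value
    return jar

def classify(request_raw, response_raw, session_name="PHPSESSID"):
    """Classify the session cookie handling of one request/response pair.

    'none'      - response sets no session cookie
    'new'       - client sent no session ID, server issued one
    'redundant' - server re-sent the exact ID the client already presented
    'changed'   - server issued a different ID (e.g. an ID regeneration)
    """
    _, req = parse_headers(request_raw)
    _, resp = parse_headers(response_raw)
    sent = cookies_from(req, "cookie").get(session_name)
    issued = cookies_from(resp, "set-cookie").get(session_name)
    if issued is None:
        return "none"
    if sent is None:
        return "new"
    return "redundant" if sent == issued else "changed"

# Constructed samples, reduced from the two exchanges quoted in the message.
SID = "679449c50fd155c96311bfac50bcec5a"
FIRST_REQ = "GET /tests/sessions/simpletest.php HTTP/1.1\nHost: 10.20.1.2\n"
FIRST_RESP = f"HTTP/1.x 200 OK\nSet-Cookie: PHPSESSID={SID}; path=/\n"
SECOND_REQ = FIRST_REQ + f"Cookie: PHPSESSID={SID}\n"
SECOND_RESP = FIRST_RESP

if __name__ == "__main__":
    print("first call :", classify(FIRST_REQ, FIRST_RESP))
    print("second call:", classify(SECOND_REQ, SECOND_RESP))
```
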