Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:66486
Return-Path: <inefedor@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 75281 invoked from network); 6 Mar 2013 10:12:06 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 6 Mar 2013 10:12:06 -0000
Authentication-Results: pb1.pair.com header.from=inefedor@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=inefedor@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.217.170 as permitted sender)
X-PHP-List-Original-Sender: inefedor@gmail.com
X-Host-Fingerprint: 209.85.217.170 mail-lb0-f170.google.com  
Received: from [209.85.217.170] ([209.85.217.170:41612] helo=mail-lb0-f170.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 85/40-03015-57617315 for <internals@lists.php.net>; Wed, 06 Mar 2013 05:12:06 -0500
Received: by mail-lb0-f170.google.com with SMTP id ge1so5566049lbb.1
        for <internals@lists.php.net>; Wed, 06 Mar 2013 02:12:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=x-received:content-type:to:date:subject:mime-version
         :content-transfer-encoding:from:message-id:user-agent;
        bh=rvLuNFPXqZEvTtVhmhZLmV36trrEJp8ykD+Dh4Liw+Y=;
        b=HnHVNUew+C4COCiZlEtpRO8rwRp+BfIQ1aZAS86lb+7FUCW58oFrxe4F04jPOGKnAR
         oPaK4csefmOAZqMERl95CopCOHB0Fb/rAJkebnTpE4/b/9ss2uUrCSQHfVXzf0M2qnJ8
         AO2PGOZy68/nW4uHVWUZ41jA8EfjMnH0XAFjVfONhY97oMyRiwjNsDAalL1T5LHdt8v2
         bkVfoL0eNtR6L0HMEZD/8pUzULFH8bEOzBpme469kYu6Q14KPFaTogWwRtI6pSmR/O3h
         iqyqwex1+/o0Q/TGcOfsG77zlO8oWe6RPDqeftnrPcFJdx9QjdCPg1dCG2fZKJaB3Crc
         nnRQ==
X-Received: by 10.112.26.10 with SMTP id h10mr7351079lbg.63.1362564721951;
        Wed, 06 Mar 2013 02:12:01 -0800 (PST)
Received: from nikita2206-n56vj ([217.174.184.92])
        by mx.google.com with ESMTPS id fz16sm15566443lab.5.2013.03.06.02.12.00
        (version=TLSv1 cipher=RC4-SHA bits=128/128);
        Wed, 06 Mar 2013 02:12:01 -0800 (PST)
Content-Type: text/plain; charset=utf-8; format=flowed; delsp=yes
To: "internals@lists.php.net" <internals@lists.php.net>
Date: Wed, 06 Mar 2013 14:11:58 +0400
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Message-ID: <op.wtirx8zjc9evq2@nikita2206-n56vj>
User-Agent: Opera Mail/12.14 (Linux)
Subject: Should sessions override user sent headers?
From: inefedor@gmail.com ("Nikita Nefedov")

Hi,

so I stumbled upon this bug report: https://bugs.php.net/bug.php?id=64357

It's fairly easily fixable, but I don't know if it's even a bug... The  
problem here: sessions always send Expire header (except for  
private_no_expire), so if user (php user) sent Expire header before  
session_start() call, it will be replaced (see  
https://github.com/php/php-src/blob/master/ext/session/session.c#L1066 and  
ADD_HEADER macros for example).