[PHP-DEV] PHP 4.0 Bug #8184 Updated: session security bug(?)
From: sniper <email protected>
Date: 01/30/01

ID: 8184
Updated by: sniper
Reported By: zeles <email protected>
Old-Status: Feedback
Status: Closed
Bug Type: *Session related
Assigned To:
Comments:

No feedback.

--Jani

Previous Comments:
---------------------------------------------------------------------------

[2000-12-11 05:29:14] stas <email protected>
I don't understand something here. Do you really want the
session to be destroyed on each page call? What's the point
in such a "session" anyway then? Could you please explain?

---------------------------------------------------------------------------

[2000-12-09 12:34:17] zeles <email protected>
Hi!

A part of my php.ini looks like this:
session.gc_probability = 100
session.gc_maxlifetime = 0
session.cache_limiter = nocache
session.use_cookies = 0
session.auto_start = 0
session.use_trans_sid = 1
session.cookie_lifetime = 0

The situation:
the client cuts the URL of the actual page to the clipboard (the URL contains the session-id) and closes the browser.
The session file becomes garbage and it will be collected at the next session call - I thought.
However, when the client opens the browser and pastes the URL into the address line - and there isn't any other session call from another client - PHP lets him in.
If the URL does not contain the session-id everything works fine: the garbage collector collects all of the garbage.

Summary: if the session_start() gets session-id by GET parameter or by a cookie, it doesn't check whether the session file is garbage or not.

I think it's a minor security bug.

Thanks
Zoltan Eles

---------------------------------------------------------------------------
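The behaviour zeles describes above (a session ID pasted back from the URL being accepted because nothing checks how old the session data is before the garbage collector happens to run) is best handled by an application-side idle timeout rather than by relying on gc. The following is an added example, not part of bug #8184 and not PHP's own code. It assumes a modern PHP (session.use_strict_mode exists from 5.5.2 on, not in the PHP 4.0 of the report); the helper names session_is_fresh and secure_session_start and the sample timestamps are invented for the example.

```php
<?php
// Added example, not part of bug #8184 or of PHP itself. It assumes a modern
// PHP (>= 5.5.2 for session.use_strict_mode); the helper names are invented.
declare(strict_types=1);

/**
 * Decide whether the session payload $data is still usable.
 * A session is fresh only if it was initialised by this application
 * (has a 'last_activity' stamp) and has been used within $maxIdle seconds.
 * This check does not depend on the garbage collector having run.
 */
function session_is_fresh(array $data, int $now, int $maxIdle): bool
{
    if (!isset($data['last_activity']) || !is_int($data['last_activity'])) {
        return false; // ID came from the client but we never initialised it
    }
    return ($now - $data['last_activity']) <= $maxIdle;
}

/**
 * Start the session, then enforce the idle timeout ourselves.
 * Call this instead of session_start() on every page.
 */
function secure_session_start(int $maxIdle): void
{
    // Keep the ID out of the URL, so it is not copied along with the address.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Refuse IDs that PHP has no data for instead of creating a session under
    // the client-chosen ID (counters session fixation as well).
    ini_set('session.use_strict_mode', '1');
    // Let the collector agree with our timeout; it is still only probabilistic.
    ini_set('session.gc_maxlifetime', (string) $maxIdle);

    session_start();

    $now = time();
    if (!session_is_fresh($_SESSION, $now, $maxIdle)) {
        // Stale or unknown data: drop it and issue a fresh ID, deleting
        // the old session file so the old ID cannot be replayed.
        $_SESSION = [];
        session_regenerate_id(true);
    }
    $_SESSION['last_activity'] = $now;
}

// Constructed inputs to exercise the decision logic from the command line.
if (PHP_SAPI === 'cli') {
    $maxIdle = 1800;       // 30 minutes
    $now     = 1700000000; // constructed "current" time
    $cases = [
        'active session'     => ['last_activity' => $now - 60],
        'idle 29 minutes'    => ['last_activity' => $now - 1740],
        'idle two hours'     => ['last_activity' => $now - 7200],
        'ID never seen here' => [],
    ];
    foreach ($cases as $label => $data) {
        printf("%-20s %s\n", $label,
            session_is_fresh($data, $now, $maxIdle) ? 'accepted' : 'rejected');
    }
}
```

The point of keeping the timestamp check in session_is_fresh, separate from the session_start() wiring, is that the decision is made on every request from data the application controls: a pasted or bookmarked session ID is rejected as soon as its last-activity stamp is older than the timeout, whether or not gc has deleted the file yet. The ini settings in secure_session_start are the counterpart of the php.ini fragment in the report: use_only_cookies and use_trans_sid=0 keep the ID out of the URL, and use_strict_mode makes PHP discard an ID it has no data for rather than adopting it.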

Full Bug description available at: http://bugs.php.net/?id=8184

-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
For additional commands, e-mail: php-dev-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>