[PHP-DEV] PHP 4.0 Bug #9390 Updated: PHPSESSID adds itself to $HTTP_POST_VARS From: aaron.lake <email protected>
Date: 03/19/01

ID: 9390
User Update by: aaron.lake <email protected>
Old-Status: Feedback
Status: Open
Bug Type: *Session related
Description: PHPSESSID adds itself to $HTTP_POST_VARS

Thanx Jani,

As suggested:

In php.ini:

url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

Remove the last setting, form=fakeentry.
(or if you don't have this directive in your php.ini,
add it without the last setting.)

when i added this conf. directive and bounced the web server, $HTTP_POST_VARS (using the POST method) contained
NO elements.

I added this directive to my identical development environment and noticed no ill effects.

Previous Comments:
---------------------------------------------------------------------------

[2001-03-19 14:12:47] sniper <email protected>
Both environments run same php.ini? Same version of PHP?
Same configure line used on building both PHP's?

--Jani

---------------------------------------------------------------------------

[2001-03-19 14:05:53] aaron.lake <email protected>
Thanx Jani,

As suggested:

In php.ini:

url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

Remove the last setting, form=fakeentry.
(or if you don't have this directive in your php.ini,
add it without the last setting.)

when i added this conf. directive and bounced the web server, $HTTP_POST_VARS (using the POST method) contained
NO elements.

I added this directive to my identical development environment and noticed no ill effects.

---------------------------------------------------------------------------

[2001-03-16 17:46:41] sniper <email protected>
In php.ini:

url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

Remove the last setting, form=fakeentry.
(or if you don't have this directive in your php.ini,
add it without the last setting.)

--Jani

---------------------------------------------------------------------------

[2001-03-16 17:37:13] sas <email protected>
Since you are using the transparent session id feature, the obvious question is: Do you use forms with method=POST?

---------------------------------------------------------------------------

[2001-02-21 20:41:51] aaron.lake <email protected>
Problem:

For some reason PHP adds PHPSESSID to $HTTP_POST_VARS

At login, I use:
session_start():
$sid = session_id();
session_register("sid");
etc.....

2 pages into the session the var PHPSESSID
appears as the first element in the post array.

My app has been been behaving until I started playing with
gc_probability in php.ini.

My identical dev website with identical code does not
reproduce this problem.

Config INFO:

Compile Directives:
'./configure' '--prefix=/../../php_prod' '--with-config_file_path=/../../php_prod/lib' '--with-oci8' '--with-apache=/../../apache_prod' '--enable-track-vars' '--enable-trans-sid' '--enable-ftp'

php.ini session config:

[Session]
session.save_handler = files ;
session.save_path=/usr/local/session ; session.use_cookies = 0 ; session.name = PHPSESSID ;
session.auto_start = 0 ; session.cookie_lifetime=0 ; session.cookie_path = /
session.serialize_handler = php ; session.gc_probability = 1 ; session.gc_maxlifetime = 1800 ; session.referer_check = ; session.entropy_length = 0 ; session.entropy_file = ; session.entropy_length = 16
; session.entropy_file = /dev/urandom
session.cache_limiter= nocache ; ; session.cache_expire = 180 ; session.use_trans_sid = 1 ;

[EOF]

---------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online.

Full Bug description available at: http://bugs.php.net/?id=9390 

-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
For additional commands, e-mail: php-dev-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>