Skip to content

Instantly share code, notes, and snippets.

@yohgaki yohgaki/bug72997.php
Last active Oct 19, 2016

Embed
What would you like to do?
<?php
ob_start();
ini_set('session.use_cookies', 1);
ini_set('session.save_handler', 'files');
session_name('BUG');
session_start();
// Bug0
session_regenerate_id(true);
// Bug1
header(sprintf('Set-Cookie: BUG=BUG1; expires=Sat, 03-Sep-2020 05:38:43 GMT; path=/;'));
//header(sprintf('Expires: BUG=BUG1; expires=Sat, 03-Sep-2020 05:38:43 GMT; path=/;'));
// Bug2
//header(sprintf('Set-Cookie: BUG=BUG2; expires=Sat, 03-Sep-2020 05:38:43 GMT; path=/;'), false);
// Bug3
//setcookie('BUG', 'BUG3', time() + 12345, '/');
session_commit();
/*****************
* Bug0 = OK
* Bug1 = OK
* Bug2 = OK
* Bug3 = OK
*
* Bug0 + Bug1 = BUG0 is removed
* Bug0 + Bug2 = OK
* Bug0 + Bug3 = OK
*
* Bug1 + Bug2 = OK
*
* Bug2 + Bug3 = OK
*
* BUG0 + BUG1 + BUG3 = BUG0 is removed
* BUG0 + BUG2 + BUG3 = OK
*
* From this result, there are 2 problems.
*
* session_regenerate_id() is OK
* setcookie() is OK.
*
* header('something') removes Set-Cookie header blindly previously sent. (Session cache limiter headers remain. Only Set-Cookie is removed)
* header('something', false) OK
*
* Problem is in header()
*
*****************/
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.