Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.6.4

Bug #7956 loosing auth status after session_regenerate_id
Submitted: 2006-06-21 13:57 UTC
From: mvonarx at tiscali dot ch Assigned: aashley
Status: Bogus Package: Auth (version 1.3.0)
PHP Version: 4.3.2 OS: Linux
Roadmaps: (Not assigned)    
Subscription  


 [2006-06-21 13:57 UTC] mvonarx at tiscali dot ch (marco)
Description: ------------ in PHP Versions prior to 4.3.3 you can loose session data after session_regenerate_id. this occurs for example in older opera browsers with cookies disabled. and also in internet explorer. you can succesfully login to auth-protected area. after reloading page you have to reenter credentials. you have to store old session data in a var and then restore data after regenerating session id. see code snipped below. workaround found on php.net at function session_regenerate_id Test script: --------------- you can use example in package documentation fix setAuth Method in Auth.php with: session_start(); $old_sessid = session_id(); session_regenerate_id(); $new_sessid = session_id(); session_id($old_sessid); session_destroy(); $old_session = $_SESSION; session_id($new_sessid); session_start(); $_SESSION = $old_session; Expected result: ---------------- stay authenticated!! Actual result: -------------- loosing auth status

Comments

 [2006-08-10 01:36 UTC] aashley at php dot net (Adam Ashley)
Thank you for taking the time to report a problem with PHP. Unfortunately you are not using a current version of PHP -- the problem might already be fixed. Please download a new PHP version from http://www.php.net/downloads.php If you are able to reproduce the bug with one of the latest versions of PHP, please change the PHP version on this bug report to the version you tested and change the status back to "Open". Again, thank you for your continued support of PEAR. Dependancies have been updated to indicate that Auth requires PHP4.3.3 and higher to work securely