Description: ------------ Session ID should be unique for the session, so when many (2) users log in with the same credentials, they share the same session, that is a mess. Even with only one user the session variables are not expired when the session does, so the user got the same outdated session context when he logs in (if garbage collector did not run between sessions). As a worst case there should be a way to switch this behaviuor off instead of patching the code. Thank you, Ivan Gostev Reproduce code: --------------- In function assignData() line 88 should be commented out or removed: // session_id(md5("Auth_HTTP" . $this->username . $this->password));

Working on making the session sharing optional. Should appear on the next release.

This bug has been fixed in CVS. In case this was a documentation problem, the fix will show up at the end of next Sunday (CET) on pear.php.net. In case this was a pear.php.net website problem, the change will show up on the website in short time. Thank you for the report, and for helping us make PEAR better. Fixed on RC1 using session sharing (default TRUE) a further fix will be posted on RC2 to be released in the next few days.