Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 2.1.8

Bug #7784 Auth::start() changes session id
Submitted: 2006-06-01 17:21 UTC
From: mikkoh at emedia dot fi Assigned: hirokawa
Status: Closed Package: Auth_HTTP (version 2.1.6)
PHP Version: 5.1.4 OS: Windows XP
Roadmaps: (Not assigned)    

 [2006-06-01 17:21 UTC] mikkoh at emedia dot fi (Mikko Hämäläinen)
Description: ------------ When authenticating with default settings the session id changes after starting the authentication. This can be avoided by setting the option 'sessionSharing' to false, but seems a bit strange for the default behaviour and (imho) should at least be documented. Test script: --------------- // setting the database connection options $AuthOptions = array( 'dsn'=>"mysqli://mylogin:mypass@localhost/davcms", 'table'=>"lauth_user", 'usernamecol'=>"login", 'passwordcol'=>"passwd", 'cryptType'=>"none", ); $a = new Auth_HTTP("DB", $AuthOptions); $a->setRealm('myrealm'); $a->setCancelText('<h2>Error 401</h2>'); echo "Before:".session_id()."<br />"; $a->start(); // starting the authentication process echo "After:".session_id()."<br />"; Expected result: ---------------- Before:jdal6or5qt0uhtgnpngudsmqk7 After:jdal6or5qt0uhtgnpngudsmqk7 Hello username welcome to my secret page Actual result: -------------- Before:jdal6or5qt0uhtgnpngudsmqk7 After:77579319ce2e19fffcca4cefa9e84ddc Hello username welcome to my secret page


 [2006-07-09 21:56 UTC] drabaal at gmail dot com (drabaal)
This is a pretty annyoing problem. Also noticed it in UNIX environment, and resulted in an always empty session. Suggest the option "sessionSharing" be defaulted to false.
 [2006-10-01 23:23 UTC] hirokawa (Rui Hirokawa)
This bug has been fixed in CVS. If this was a documentation problem, the fix will appear on by the end of next Sunday (CET). If this was a problem with the website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better. "sessionSharing" is disabled by default.