Description: ------------ When authenticating with default settings the session id changes after starting the authentication. This can be avoided by setting the option 'sessionSharing' to false, but seems a bit strange for the default behaviour and (imho) should at least be documented. Test script: --------------- // setting the database connection options $AuthOptions = array( 'dsn'=>"mysqli://mylogin:mypass@localhost/davcms", 'table'=>"lauth_user", 'usernamecol'=>"login", 'passwordcol'=>"passwd", 'cryptType'=>"none", ); $a = new Auth_HTTP("DB", $AuthOptions); $a->setRealm('myrealm'); $a->setCancelText('<h2>Error 401</h2>'); echo "Before:".session_id()."<br />"; $a->start(); // starting the authentication process echo "After:".session_id()."<br />"; Expected result: ---------------- Before:jdal6or5qt0uhtgnpngudsmqk7 After:jdal6or5qt0uhtgnpngudsmqk7 Hello username welcome to my secret page Actual result: -------------- Before:jdal6or5qt0uhtgnpngudsmqk7 After:77579319ce2e19fffcca4cefa9e84ddc Hello username welcome to my secret page

This is a pretty annyoing problem. Also noticed it in UNIX environment, and resulted in an always empty session. Suggest the option "sessionSharing" be defaulted to false.

This bug has been fixed in CVS. If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET). If this was a problem with the pear.php.net website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better. "sessionSharing" is disabled by default.