From: napalm at spiderfish dot net
Operating system: redhat linux
PHP version: 4.3.2
PHP Bug Type: Unknown/Other Function
Bug description: strange cookie behaviour

Description:
------------
The problem:

- Theoretically

Login Page: Checks if one of the cookies variables is set and if so,
proceed with the login. Otherwise shows the login form. On submit calls
the dologin() function.

Login: Access db, register session variables and cookies (if checkbox is
checked) -> Redirects to temp.php -> Since the user is logged in, shows
the option for logout.

Logout: Unsets session variables as well as cookies -> Redirects to
temp.php?actID=0 - logout() -> Since the session was destroyed the user is
now sent to the login page but this time with a notice that he was
sucessfully logged out.

- Practically

Login: Everything smooth

Logout: The unset part goes without any problem and after the redirection
the user is sent again to the login page. At this point I can't understand
how but the $this->dologin() function is called. The final output will be
exactly the same as if the user is logging in for the first time without
any notice of the sucessful logout as supposed.

--

Strange facts:

- I checked if the cookie was set and the answer is NO so how could the
dologin function be called???
- Tried to remove the mysql functions from the dologin() and it worked
fine.
- Tried to comment the "$this->dologin($_COOKIE['sl_reporterid'],
$_COOKIE['sl_password'], NULL, 1);" line and guess what, it worked as
supposed!???
- If the script dont store any cookies (checkbox !checked) it works ok.

I did a great effort to understand what was going and since I could't live
without knowing the cause I reported what I think it's some "kind" of
bug.

Script source: [url]http://projects.spiderfish.net/spylog/temp.txt[/url]
Working example #1: [url]http://projects.spiderfish.net/spylog/temp.php[/url] - with
the problem
Working example #2: [url]http://projects.spiderfish.net/spylog/temp2.php[/url] -
without the problem (commented the line that calls the dologin function as
refered above)
PHP Info: [url]http://projects.spiderfish.net/spylog/phpinfo.php[/url]

Best Regards

Joćo


--
Edit bug report at [url]http://bugs.php.net/?id=24713&edit=1[/url]
--
Try a CVS snapshot (php4): [url]http://bugs.php.net/fix.php?id=24713&r=trysnapshot4[/url]
Try a CVS snapshot (php5): [url]http://bugs.php.net/fix.php?id=24713&r=trysnapshot5[/url]
Fixed in CVS: [url]http://bugs.php.net/fix.php?id=24713&r=fixedcvs[/url]
Fixed in release: [url]http://bugs.php.net/fix.php?id=24713&r=alreadyfixed[/url]
Need backtrace: [url]http://bugs.php.net/fix.php?id=24713&r=needtrace[/url]
Try newer version: [url]http://bugs.php.net/fix.php?id=24713&r=oldversion[/url]
Not developer issue: [url]http://bugs.php.net/fix.php?id=24713&r=support[/url]
Expected behavior: [url]http://bugs.php.net/fix.php?id=24713&r=notwrong[/url]
Not enough info: [url]http://bugs.php.net/fix.php?id=24713&r=notenoughinfo[/url]
Submitted twice: [url]http://bugs.php.net/fix.php?id=24713&r=submittedtwice[/url]
register_globals: [url]http://bugs.php.net/fix.php?id=24713&r=globals[/url]
PHP 3 support discontinued: [url]http://bugs.php.net/fix.php?id=24713&r=php3[/url]
Daylight Savings: [url]http://bugs.php.net/fix.php?id=24713&r=dst[/url]
IIS Stability: [url]http://bugs.php.net/fix.php?id=24713&r=isapi[/url]
Install GNU Sed: [url]http://bugs.php.net/fix.php?id=24713&r=gnused[/url]