ID: 25175
Updated by: [email][/email]
Reported By: phpbug at paypc dot com
-Status: Open
+Status: Feedback
Bug Type: Session related
Operating System: Linux 2.4
PHP Version: 4.3.2
New Comment:

Please try using this CVS snapshot:


For Windows:


Previous Comments:

[2003-08-21 04:33:50] phpbug at paypc dot com

*ARGH* I hate "thinkoes" -- it should be obvious from context (and
perusing my phpconfig) that I've TURNED OFF enable_trans_sid, not
turned it on.

Upon re-reading my posting (naturally AFTER I'd hit submit), I noted
the think-o.

My apologies.



[2003-08-21 04:31:10] phpbug at paypc dot com

OK, let me put forth some declarations so we're talking apples and

My test method:

echo -e "GET /legal/tester.php HTTP/1.1\r\nHost:\r\n" | nc 80 > dump

I wish to eliminate any possible "post-processing" or

IE: "nc" is netcat, a commonly available network tool.

OK, onto the results of my tests.

I copied and pasted sniper's code *EXACTLY* as presented, with
whitespaces and line spacing as entered. I obtained identical results
with both lynx and my netcat method, though lynx probably doesn't
support HTTP/1.1 because there was an additional header.

With Lynx Version 2.8.3rel.1:

HTTP/1.1 200 OK
Date: Thu, 21 Aug 2003 09:10:16 GMT
Server: Apache/1.3.27 Ben-SSL/1.48
Connection-Type: Keep-Alive
Content-Length: 4
Connection: close <<<<<<<<<<<<< Additional header
Content-Type: text/html

With netcat:

HTTP/1.1 200 OK
Date: Thu, 21 Aug 2003 09:10:55 GMT
Server: Apache/1.3.27 Ben-SSL/1.48
Connection-Type: Keep-Alive
Content-Length: 4
Content-Type: text/html

In comparing the actual bytes sent over the wire against the advertised
content-length, the Content-Length header is correct.

If you wish to inspect my PHP build and setup configuration, you may do
so at: <>

(I will be removing this after 24 hours.)

And yes, it's pretty loaded. And yes, trans_sid is enabled, but in all
of my test harnesses which employ sessions, I've enabled cookies - and
they are created/used by the browsers involved.

******* AHHHHHHAAAA *******

Arigatoo gozaimaa to Moriyoshi-san for cautioning me to turn on
trans_sid, because when I disable it in my global php.ini, the
discrepancy disappears!

For my "complex" web-application which formerly reported bad sizing, I
received the following header (after turning off trans_sid):

HTTP/1.1 200 OK
Date: Thu, 21 Aug 2003 09:20:47 GMT
Server: Apache/1.3.27 Ben-SSL/1.48
Cache-Control: no-store, no-cache, must-revalidate, post-check=0,
Pragma: no-cache
Set-Cookie: PHPSESSID=a1c8bfb3f409580e57206d7c19eac473; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Content-Length: 2825
Content-Type: text/html

And doing a wc -c on the content-portion matches this size exactly
(with my netcat test).

Third-party validation via usage of
<> confirms an exact
match of advertised Content-Length and what's actually received.

And lastly, and most importantly, the IE "hang" bug while accessing
this web application via an intranet is gone.

OK, fine, trans_sid broke it. Why? And should it have? I'm
suspicious that the Esteemed Moriyoshi-san nailed this specific setting
in advance, as if to suspect it being a potential cause for buggage.

Inquiring minds want to know - if it's by design, please add it to the
doentation and FAQ. I know alot of things about the ob_ functions
are unusual and cause some people hardship (of their own making). This
one came out of left field.



[2003-08-21 00:10:00] [email][/email]
> Set-Cookie: PHPSESSID=2989258979bd07405999448563ef4bfc; path=/
Perhaps you seem to have enabled session.use_trans_sid.
If so, first turn it off before trying the above script provided by


[2003-08-20 22:54:00] [email][/email]

try this script:

<?php ob_start(); ?>

header("Connection-Type: Keep-Alive");
header('Content-Length: ' . ob_get_length());
echo ob_get_length();


And access it with this command:

# lynx -head lynx -dump -head [url]http://localhost/test.php[/url]

I get this (correct) output:

HTTP/1.1 200 OK
Date: Thu, 21 Aug 2003 03:52:44 GMT
Server: Apache/1.3.27 (Unix) PHP/4.3.3RC5-dev
X-Powered-By: PHP/4.3.3RC5-dev
Connection-Type: Keep-Alive
Content-Length: 4
Connection: close
Content-Type: text/html


[2003-08-20 07:05:31] phpbug at paypc dot com

Very straightforward.

I have a preamble and postamble include on ALL of my main .php pages...
which use ADODB session management, some PEAR, and other typical
dynaweb goodies.

The Content-Length header is *ALWAYS* off by about 81 bytes, as in, the
ob_get_length() is always smaller than the actual size of the content

I've verified this with "netcat" - after trimming the headers from the
reply, the content is 81 bytes larger than advertised in the
Content-Length header.

I observed no change in behaviour after adding the ob_clean() call into
my header file.

OTHERWISE, things work fine.

What's the deal? Is Apache silently adding CRLF's?

I am NOT using the gzhandler or transparent compression here. This is
just straightforward output.

=Lord Apollyon=

Reproduce code:
The code for all of my index.php's consist of the following:

include_once '';
include_once '';

ob_clean(); // paranoid and desperate
header("Connection-Type: Keep-Alive");
?> contains:

header('Content-Length: ' . ob_get_length());

Note: there are no blank lines at the beginning of my *.inc or *.php

Expected result:
I would expect Content-Length to reflect the actual output size.


Edit this bug report at [url][/url]