ID: 25629
Updated by: [email]sniper@php.net[/email]
Reported By: john at tarot dot com
-Status: Open
+Status: Bogus
Bug Type: Session related
Operating System: Linux mike 2.4.19-16mdkenterpris
PHP Version: 4.3.1
New Comment:

Too old php version. We're at 4.3.3 already in which many many bugs,
including some in ext/session, have been fixed..
And likely it's your app that is doing something wrong anyway.


Previous Comments:
------------------------------------------------------------------------

[2003-09-22 12:12:01] john at tarot dot com

Description:
------------
We have a session-based app with a very large user base. Upon closing
the session a few users would end up having their session cookie set to
'deleted'. Upon subsequent visits to the site, users would find that
they were logged in as someone else because they were not the only user
whose session cookie specified "PHPSESSID=deleted". I have found a
workaround by testing whether the session cookie specifies
"PHPSESSID=deleted". when a session read occurs.

Reproduce code:
---------------
function sess_close() {
//close connection
global $SESS_DBH;
if( isset($SESS_DBH) )
$SESS_DBH->close();
return(true);
}

Expected result:
----------------
I expect the session cookie to be deleted.

Actual result:
--------------
session cookie is set to specify "PHPSESSID=deleted"




------------------------------------------------------------------------


--
Edit this bug report at [url]http://bugs.php.net/?id=25629&edit=1[/url]