Should sessions override user sent headers?

From: Nikita Nefedov Date: Wed, 06 Mar 2013 10:11:58 +0000

Subject: Should sessions override user sent headers?

Groups: php.internals

Request: Send a blank email to [email protected] to get a copy of this message

Hi,

so I stumbled upon this bug report: https://bugs.php.net/bug.php?id=64357

It's fairly easily fixable, but I don't know if it's even a bug... The problem here: sessions always send Expire header (except for private_no_expire), so if user (php user) sent Expire header before session_start() call, it will be replaced (see https://github.com/php/php-src/blob/master/ext/session/session.c#L1066 and ADD_HEADER macros for example).

Thread (2 messages)

Nikita NefedovWed, 06 Mar 2013 10:11:58 +0000
Stas MalyshevThu, 07 Mar 2013 08:37:23 +0000

« previous	php.internals (#66486)	next »

From:	Nikita Nefedov	Date:	Wed, 06 Mar 2013 10:11:58 +0000
Subject:	Should sessions override user sent headers?
Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message