Closed Bug 130386 Opened 22 years ago Closed 22 years ago

tabbed browsing causes PHP session conflict

Categories

(SeaMonkey :: Tabbed Browser, defect)

Product:
SeaMonkey
Component:
Tabbed Browser
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
minor

Tracking

(Not tracked)

Status:
VERIFIED INVALID

People

(Reporter: unit3, Assigned: jag+mozilla)

Details

This seems like a related problem to bug 101723, it looks like the cookie space
across all tabs is shared, and this causes problems if 2+ pages from the same
server attempt to use PHP sessions. It looks like since PHP sessions use the
same cookie name by default, only distinguished by domain, the second session to
become active will overwrite the first, effectively logging the user out of the
first session.

I stumbled across this by having a tab logged into Gallery
(gallery.sourceforge.net) on my server, and then opening another tab and logging
into Squirrel Mail (http://www.squirrelmail.org/) on the same server. When I
returned to the Gallery tab, I had apparently been logged out (really, I had
just lost the PHP session cookie value holding my login).

So, a somewhat rare occurance, and difficult for others to verify, but I have
consistantly reproduced on both 0.98 and 0.99 (202031104) under Win2k.
Correct me if I'm wrong, but won't the same problem occur if you do this with
two windows instead of two tabs (please do test/confirm this assertion)? The
browser as a whole "shares a cookie space", necessarily so, e.g. to allow you to
log into slashdot in one window, and be able to go there in another window
without having to log in again. If anything, this is a problem with the services
you're using.

Suggested resolution: invalid.
Hrm, you're correct, the same problem is exhibited in two seperate windows. I
assumed that each window kept track of "expire at end of session" cookies
seperately so that this problem wouldn't occur, but that doesn't seem to be the
case.

So, I'll go with your resolution, unless someone feels like implementing
seperate track of session-only cookies in each window/tab. ;)
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → INVALID
mass-verification of Invalid bugs.

if you don't think the report is invalid, please check to see if it has already
been reported (it might be a duplicate instead). otherwise, make sure that there
are steps (a valid test case) that clearly display the issue as an unexpected
defect.

mail filter string for bugspam: SequoiadendronGiganteum
Status: RESOLVED → VERIFIED
Product: Core → SeaMonkey
You need to log in before you can comment on or make changes to this bug.