tabbed browsing causes PHP session conflict

VERIFIED INVALID

Status

SeaMonkey
Tabbed Browser
--
minor
VERIFIED INVALID
16 years ago
10 years ago

People

(Reporter: Graeme Humphries, Assigned: jag (Peter Annema))

Tracking

Trunk
x86
Windows 2000

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

16 years ago
This seems like a related problem to bug 101723, it looks like the cookie space
across all tabs is shared, and this causes problems if 2+ pages from the same
server attempt to use PHP sessions. It looks like since PHP sessions use the
same cookie name by default, only distinguished by domain, the second session to
become active will overwrite the first, effectively logging the user out of the
first session.

I stumbled across this by having a tab logged into Gallery
(gallery.sourceforge.net) on my server, and then opening another tab and logging
into Squirrel Mail (http://www.squirrelmail.org/) on the same server. When I
returned to the Gallery tab, I had apparently been logged out (really, I had
just lost the PHP session cookie value holding my login).

So, a somewhat rare occurance, and difficult for others to verify, but I have
consistantly reproduced on both 0.98 and 0.99 (202031104) under Win2k.
(Assignee)

Comment 1

16 years ago
Correct me if I'm wrong, but won't the same problem occur if you do this with
two windows instead of two tabs (please do test/confirm this assertion)? The
browser as a whole "shares a cookie space", necessarily so, e.g. to allow you to
log into slashdot in one window, and be able to go there in another window
without having to log in again. If anything, this is a problem with the services
you're using.

Suggested resolution: invalid.
(Reporter)

Comment 2

16 years ago
Hrm, you're correct, the same problem is exhibited in two seperate windows. I
assumed that each window kept track of "expire at end of session" cookies
seperately so that this problem wouldn't occur, but that doesn't seem to be the
case.

So, I'll go with your resolution, unless someone feels like implementing
seperate track of session-only cookies in each window/tab. ;)
Status: UNCONFIRMED → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → INVALID
mass-verification of Invalid bugs.

if you don't think the report is invalid, please check to see if it has already
been reported (it might be a duplicate instead). otherwise, make sure that there
are steps (a valid test case) that clearly display the issue as an unexpected
defect.

mail filter string for bugspam: SequoiadendronGiganteum
Status: RESOLVED → VERIFIED
Product: Core → SeaMonkey
You need to log in before you can comment on or make changes to this bug.