Closed Bug 371241 Opened 17 years ago Closed 17 years ago

PHP Session Conflicts

Categories

(Firefox :: Tabbed Browser, defect)

Product:
Firefox
Component:
Tabbed Browser
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: absolutehype, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0

I am a web developer and have built various Content Management Systems with PHP. I use sessions to control user authentication and so forth. When i login to one of my CMS in one tab and then open another tab and do the same with a different CMS using sessions the two tabs conflict. The PHP variables set in the second tab overwrite the first despite different session names and so forth. When i POST a form it also seems to affect session variables in a different tab. Shouldnt each tab be treated as a unique browser window? This session conflicting can lead to hijacking on various sites. I have consulted with various web developers who have had similar problems and there is nothing that can be done our end to resolve the matter. This is definately a browser issue.

Reproducible: Always

Steps to Reproduce:
1.
2.
3.
This would only happen if the sessions are using the same cookie to set the session, and were on the same host. Both are easily controllable in PHP.

I maintain a number of customers websites using CMS's so I can confirm that I do not see this issue at all.

marking incomplete, please supply a testcase to reproduce this, comment #1 is the only way of having conflicting sessions (using the same cookie on the same host)

feel free mto reopen if you can provide a testcase to reproduce with and comment #1 does not apply to your env
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → INCOMPLETE
I have a similar problem in PHP session handling. when I open my website in
two or more tabs in Firefox, it is using
the same session, so the another
tab is just a copy of the previous tab. What i do in one will affect
the another and vice-versa. Even if i open Firefox again, it will use
the same session of the previous session. But that is not what I need
mostly of time, specially when i want to copy information from one
place to another in my web application. This problem does not exists
in IE!! 

example 

first.php

<?session_start();

$_SESSION['var1'] = rand(2,8);
print("<html><body><form name='payonline' method='post' action='second.php'");
print("<input type='hidden' name='MD' value='P'>");
print("<input type='hidden' name='CG' value='Y'>");
print("<input type='submit' value='Pay Now!'>");
print("</form>");
print("</body></html>");

?>

second.php

<?session_start();
print($_SESSION['var1']);
?>

first open the first.php in one tab and click on submit button, the second.php file will display the value of var1 then open a new tab/window and access the first.php, again click on submit button will show the vale of 'var1'. Now if you  reload the second.php in first tab u can see that the value has been changed to second tabs value.This is a big problem when doing some online transaction.
Please solve this problem as soon as possible.

thank u
bhat
You need to log in before you can comment on or make changes to this bug.