PHP Version 5.2.0-8+etch1

I have installed Drupal on: http://www.mate.pl/ and http://www.ubercart.dev.mate.pl/

PHP $_COOKIE[session_name()] returns the cookie from domain .mate.pl instead of .ubercart.dev.mate.pl

How to test:

To test this, I added the following changes to session.inc at lines 65-66 (debug):

$value .= ', $key='. $key;
$value .= ', $_COOKIE[session_name()='. $_COOKIE[session_name()];

1) First I visit: http://www.mate.pl/

cookie from FF web developer:

http://www.ubercart.dev.mate.pl/node
1 cookie
Name  PHPSESSID
Value 84f0544dc457badc077e14cb2a92376f
Host  .mate.pl
Path  /
Secure        No
Expires       20 April 2007 15:04:27

cookie from php (print_r($_COOKIE);): http://www.ubercart.dev.mate.pl/cookie.php

Array
(
    [PHPSESSID] => 84f0544dc457badc077e14cb2a92376f
)

sql:

mysql> select * from sessions;
Empty set (0.00 sec)

2) I visit http://www.ubercart.dev.mate.pl/

cookie from FF web developer:

http://www.ubercart.dev.mate.pl/
1 cookie
Name  PHPSESSID
Value 84f0544dc457badc077e14cb2a92376f
Host  .mate.pl
Path  /
Secure        No
Expires       20 april 2007 15:04:27

cookie from php (print_r($_COOKIE);): http://www.ubercart.dev.mate.pl/cookie.php

Array
(
    [PHPSESSID] => 84f0544dc457badc077e14cb2a92376f
)

sql:

mysql> select * from sessions;
+-----+----------------------------------+-----------------+------------+-------+---------------------------------------------------------------------------------------------------+
| uid | sid                              | hostname        | timestamp  | cache | session                                                                                           |
+-----+----------------------------------+-----------------+------------+-------+---------------------------------------------------------------------------------------------------+
|   0 | 84f0544dc457badc077e14cb2a92376f | 213.180.128.171 | 1175074441 |     0 | , $key=84f0544dc457badc077e14cb2a92376f, $_COOKIE[session_name()=84f0544dc457badc077e14cb2a92376f |
+-----+----------------------------------+-----------------+------------+-------+---------------------------------------------------------------------------------------------------+

3) I try to log in to http://www.ubercart.dev.mate.pl/

cookie from FF web developer:

http://www.ubercart.dev.mate.pl/node
2 cookies
Name  PHPSESSID
Value 84f0544dc457badc077e14cb2a92376f
Host  .mate.pl
Path  /
Secure        No
Expires       20 april 2007 15:04:27

Name  PHPSESSID
Value 2d59f037639ebd6c8c6c35d4376feaae
Host  .ubercart.dev.mate.pl
Path  /
Secure        No
Expires       20 april 2007 15:08:59

cookie from php (print_r($_COOKIE);): http://www.ubercart.dev.mate.pl/cookie.php

Array
(
    [PHPSESSID] => 84f0544dc457badc077e14cb2a92376f
)

sql:

mysql> select * from sessions;
+-----+----------------------------------+-----------------+------------+-------+---------------------------------------------------------------------------------------------------+
| uid | sid                              | hostname        | timestamp  | cache | session                                                                                           |
+-----+----------------------------------+-----------------+------------+-------+---------------------------------------------------------------------------------------------------+
|   1 | 2d59f037639ebd6c8c6c35d4376feaae | 213.180.128.171 | 1175074538 |     0 | , $key=2d59f037639ebd6c8c6c35d4376feaae, $_COOKIE[session_name()=84f0544dc457badc077e14cb2a92376f |
|   0 | 84f0544dc457badc077e14cb2a92376f | 213.180.128.171 | 1175074538 |     0 | , $key=84f0544dc457badc077e14cb2a92376f, $_COOKIE[session_name()=84f0544dc457badc077e14cb2a92376f |
+-----+----------------------------------+-----------------+------------+-------+---------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

PHP $_COOKIE[session_name()] returns the cookie from domain .mate.pl instead of .ubercart.dev.mate.pl

Comments

akentner

I am running a multisite on 5.1 with the following schema:

If you try to log in at sub.area*.maindomain.org, you can't. More precisely, after entering a valid username and password, the login form appears again with no login error.

I did some tests and had a look at the HTTP headers (Firebug rocks ;-) ) and found out that www.maindomain.org and sub.area1.maindomain.org get the same PHPSESSID by a cookie, but sub.area1.maindomain.org gets an additional PHPSESSID, which looks like:

www.maindomain.org

Host	www.maindomain.org
User-Agent	Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3
Accept	text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language	de,en-us;q=0.5
Accept-Encoding	gzip,deflate
Accept-Charset	ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive	300
Proxy-Connection	keep-alive
Referer	http://www.maindomain.org/
Cookie	PHPSESSID=623fbfecaba8785f537718cdf7d8a1a1

sub.area1.maindomain.org

Host	sub.area1.maindomain.org
User-Agent	Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3
Accept	text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language	de,en-us;q=0.5
Accept-Encoding	gzip,deflate
Accept-Charset	ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive	300
Proxy-Connection	keep-alive
Referer	http://sub.area1.maindomain.org/
Cookie	PHPSESSID=623fbfecaba8785f537718cdf7d8a1a1; PHPSESSID=2295218887140fb841617e429578165f

Two PHPSESSIDs. And at the subdomains the wrong one is chosen. IMHO there is only one allowed. I think there's the rub. But I don't know where to fix that.
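
The duplicate-cookie condition reported in this thread, as an added example (not code from Drupal or from the posters): it parses the raw Cookie header quoted in the comment above, flags a session name that arrives twice, and derives a per-host session name so a parent-domain cookie no longer collides with the site's own. The function names are hypothetical, the first-value-wins rule mirrors the behaviour the posts describe, and the syntax assumes PHP 7.4 or later.

```php
<?php
// Added example; function names are hypothetical, not Drupal APIs.

/** Parse a raw Cookie header into name => list of values, keeping duplicates. */
function cookie_values(string $header): array {
    $out = [];
    foreach (explode(';', $header) as $pair) {
        $pair = trim($pair);
        if ($pair === '' || strpos($pair, '=') === false) {
            continue; // skip empty or malformed segments
        }
        [$name, $value] = explode('=', $pair, 2);
        $out[trim($name)][] = urldecode(trim($value));
    }
    return $out;
}

/** Names that were sent more than once in a single request. */
function duplicated_cookies(string $header): array {
    $multi = array_filter(cookie_values($header), fn($v) => count($v) > 1);
    return array_keys($multi);
}

/** Session name unique to one host, so another host's cookie cannot shadow it. */
function host_session_name(string $host): string {
    return 'SESS' . md5(strtolower($host));
}

// Cookie header of the sub.area1.maindomain.org request quoted above.
$header = 'PHPSESSID=623fbfecaba8785f537718cdf7d8a1a1; '
        . 'PHPSESSID=2295218887140fb841617e429578165f';
$name = 'PHPSESSID';
$seen = cookie_values($header)[$name] ?? [];

if (in_array($name, duplicated_cookies($header), true)) {
    // The first occurrence is the one the posts show ending up in $_COOKIE.
    printf("ambiguous %s (%d values), first wins: %s\n", $name, count($seen), $seen[0]);
    printf("additional value not used: %s\n", $seen[1]);
}

// Mitigation sketch: call before session_start(), with the site's configured
// hostname rather than a client-supplied Host header:
//   session_name(host_session_name('sub.area1.maindomain.org'));
printf("%s\n", host_session_name('sub.area1.maindomain.org'));
printf("%s\n", host_session_name('www.maindomain.org'));
```

With distinct session names per host, the browser may still send the parent-domain cookie, but it arrives under a different name and the session handler never reads it.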

Zen

Status: Active » Closed (duplicate)