|
Mantis - Quercus
|
|
Viewing Issue Advanced Details |
|
|
ID:
|
Category:
|
Severity:
|
Reproducibility:
|
Date Submitted:
|
Last Update:
|
|
1696 |
|
minor |
always |
04-19-07 18:22 |
04-24-07 11:11 |
|
|
Reporter:
|
snb |
Platform:
|
|
|
|
Assigned To:
|
nam |
OS:
|
|
|
|
Priority:
|
normal |
OS Version:
|
|
|
|
Status:
|
closed |
Product Version:
|
3.1.1 |
|
|
Product Build:
|
|
Resolution:
|
fixed |
|
|
Projection:
|
none |
|
|
|
|
ETA:
|
none |
Fixed in Version:
|
3.1.1 |
|
|
|
Summary:
|
0001696: session_start() generates cookies with null domain |
|
Description:
|
When the php.ini session.cookie_domain value is unset, session_start() (and other functions that use SessionModule.generateSessionCookie()) will generate a cookie with the domain attribute set to an empty string. Firefox 2.0.0.3 on Mac OS X seems to just ignore these empty domain attributes and falls back to using the default domain--the server's hostname. Safari (version 2.0.4 at least) seems to ignore cookies like this. MediaWiki's login screen seems to use this session cookie to determine if a user has cookies enabled, and thus can log in, so Safari users will get an error message about having cookies disabled (when they do have them enabled) when attempting to log in. |
|
Steps To Reproduce:
|
|
|
Additional Information:
|
I'll attach a small patch that fixes the problem. This patch makes the domain attribute not get set at all if php.ini's session.cookie_domain is not set. |
| Relationships | |
|
Attached Files:
|
 cookie_domain.patch [^] (677 bytes) 04-19-07 18:23 |