[php-maint] Bug#367359: php4: General cookie overrides more specific cookie (path) PHP#32802 still happening

Sammy Spets sammys-debian at synerger.com
Mon May 15 10:40:00 UTC 2006

Package: php4
Version: 4:4.3.10-16
Severity: important

PHP Bug #32802 reported more specific cookie domains are being clobbered
by less specific ones for the same cookie name. In other words, cookies
with the same name are being used for PHP sessions in the wrong order.
I.e example.com is given preference over foo.example.com when viewing
foo.example.com. The bug report claims the fix was applied to PHP as
of 24/May/2005.

The bug report:

I'm still experiencing this bug, as are many other people. See

Some additional settings on my systems:
  magic_quotes_gpc: off
  register_globals: off
  magic_quotes_runtime: off

I have confirmed the sample fix (in PHP) supplied in the PHP bug report
fixes the problem in my case.


Sammy Spets
Synerger Pty Ltd

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-3-k7
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages php4 depends on:
ii  libapache-mod-php4           4:4.3.10-16 server-side, HTML-embedded scripti
ii  php4-common                  4:4.3.10-16 Common files for packages built fr

-- debconf information:
  php4/run_apache_sslconfig: true
  php4/run_apacheconfig: true
  php4/update_apache_php_ini: true

More information about the pkg-php-maint mailing list