Version: (using KDE KDE 3.1.4) Installed from: Gentoo Packages Compiler: gcc 3.2.3 OS: Linux First of all: I think this bug i related to bug 57556. It's just for javascript popup windows instead of a href target="_blank" type of windows. When opening pupup windows via javascript by doing something like: javascript:window.open('test.php', 'test') session cookies is for some reason not handled correctly. I have not seen this problem before recently when i upgraded php on my webserver to 4.3.3. With the help of the network traffic sniffing program "ethereal" i see the difference between php 4.3.2 and 4.3.3: In 4.3.2 the session cookie is only set on the first http request. With 4.3.3 a Set-Cookie header is sent back with each and every http response. This isn't exactly a bug in php but just a bit strange behaviour. Here's how to reproduce the error: Create two simple pages on the webserver (running php 4.3.3 ofcourse). In the first one create a session, put something in it and create a link to the other page: <a href="javascript:window.open('test.php', 'test')">test</a>. In the other file just write out the contents of the session. Now open up the first page in konqueror. Click the link, close the popup window. Click the link again. Now the session contents has disappeared. (If it doesn't fail on the first attempt try clicking the link and closing the window a few times more). By looking into the http traffic with ethereal i see the following: I open the first page. Konqueror requests the first page and PHP sends back a "Set-Cookie: PHPSESSID=79b79s8(and so on); path=/" http header. Now i click on the link. Konqueror makes a http GET request containing a "Cookie: PHPSESSID=8g7sf9bv". PHP sends back the expedted result but includes a "Set-Cookie: PHPSESSID=79b79s8(and so on); path=/" in the header. This is new since php version 4.3.3 but i don't see anything wrong with that. Now i close the window and click the link again. This time konqueror does NOT include the "Cookie: PHPSESSID=8g7sf9bv" header. This ofcourse makes php generate a new session id and set a new cookie. As described in bug 57556 i can work around this by setting an expire time on the session cookie. This isn't exactly a usable sollution as the cookie is now no longer a session cookie ;-)
claiming it's kjs
i've had the same problem: i wrote a small web app in php that uses sesssions to maintain user privileges between pages. now, between individual pages, it seems to work, but if one of the links in the app that i click on happens to open a popup (which includes the session_start(); function), the a new session id is created, rather than keeping the old one used on the previous pages. in internet explorer and mozilla, the session id is kept the same throughout, regardless of whether we're using a popup or not. but konqueror is breaking my app. the main part of the app is just an image browser, and the popups are larger versions of the image with detailed info, so browsing from thumbnail set to set to set is fine, the session id remains the same. but once you open a popup, close it, and go to another page (or open a new popup) the session id is changed. here's an example of the code that both the main page and the popup are using: <? session_start(); $_SESSION["id"] = session_id(); ?> and here's a link to the site (though the ip is dynamic so you never know, AND you can't really see any of the session stuff 'cause i'm not posting a login, but the entire codebase is downloadable from there: http://imager.cravingthesoulfood.org:8080/ so is this a bug or a feature?
The IMP webmail program is also broken by this bug.
I can confirm that downgrading PHP to 4.3.2 does fix this. PHP 4.3.4 also has the problem however so it may be that all future versions will do the same thing. I agree that the problem isn't what PHP is doing, but what Konqueror is doing.
I don't believe this bug is related to kjs, I can reproduce it by right-clicking an image and then selecting "view image", which opens up a new window containing only the image, if I then reloade this window, my session cookie is gone. This surely does not involve any JavaScript code.
Created attachment 4181 [details] Testcase showing the bug in action Observe the session id printed out, now click the link to open the popup, now close the popup. Refresh the test1.php page with F5, observe the session id changes. Remember it must be tried out on PHP 4.3.3
Sorry, but we won't install some PHP version and debug what's going on in there. What might help though is if you track the network traffic with tcpdump and attach it here (probably also compared with e.g. IEs or mozillas)
Stephen, this is definitely a Konqueror bug as every other Browser works properly. The problem is very clearly described by the original poster so I am not certain what you are looking for from tcpdump. Be more specific what you want to know beyond what has already been posted and I will provide the information. Note that it's not just PHP apps that open popups that are broken by this. I noticed that t-mobile.com has the same problem and that site uses ASP.
Still an issue in KDE 3.2.2
This is not a kjs problem, but a cookiejar problem. It has already been addressed for the upcoming 3.3 as well as the 3.2.3 releases. See http://bugs.kde.org/show_bug.cgi?id=64182 *** This bug has been marked as a duplicate of 64182 ***