[SM-DEVEL] session login/logout problem -- sm or php problem?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

I have a problem where reading a html message containing an invalid img
line something like this:

<IMG src=3D=22cid:/snap.jpg=22>

would cause the user to be logged out (or at least they have to log back =
in).

I posted this problem a while ago and got no response so I submitted a bu=
g
for it (831550).  I was referred to 829946 which seemed to be the same
issue.

In 829946 it says to set:

session.use_trans_sid =3D 0

which I did in php.ini (and was always that way).

I have messed with other stuff in php.ini, but nothing helps.  Does anyon=
e
have any other ideas?  Does anyone else have this problem if you paste th=
e
img line above into an html message (in the html of course, probably
having to edit the file manually on the server side to insert it)?

I am running php 4.3.4 (with mod_fastcgi for apache), and sm 1.4.2.  I
have put my php.ini below.  Any suggestions would be greatly appreciated.=

=5BPHP=5D

;;;;;;;;;;;;;;;;;;;;
; Language Options ;
;;;;;;;;;;;;;;;;;;;;

engine =3D On
short_open_tag =3D On
asp_tags =3D Off
precision    =3D  14
y2k_compliance =3D On
output_buffering =3D 4096
zlib.output_compression =3D Off
implicit_flush =3D Off
unserialize_callback_func=3D
allow_call_time_pass_reference =3D Off

safe_mode =3D Off
safe_mode_gid =3D Off
safe_mode_include_dir =3D
safe_mode_exec_dir =3D
safe_mode_allowed_env_vars =3D PHP_
safe_mode_protected_env_vars =3D LD_LIBRARY_PATH
disable_functions =3D

expose_php =3D On

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Error handling and logging ;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

error_reporting  =3D  E_ALL
display_errors =3D Off
display_startup_errors =3D Off
log_errors =3D On
log_errors_max_len =3D 1024
ignore_repeated_errors =3D Off
ignore_repeated_source =3D Off
report_memleaks =3D On
track_errors =3D Off

;;;;;;;;;;;;;;;;;
; Data Handling ;
;;;;;;;;;;;;;;;;;

variables_order =3D =22GPCS=22
register_globals =3D Off
register_argc_argv =3D Off
gpc_order =3D =22GPC=22

magic_quotes_gpc =3D Off
magic_quotes_runtime =3D Off
magic_quotes_sybase =3D Off

auto_prepend_file =3D
auto_append_file =3D

default_mimetype =3D =22text/html=22

;;;;;;;;;;;;;;;;;;;;;;;;;
; Paths and Directories ;
;;;;;;;;;;;;;;;;;;;;;;;;;

doc_root =3D
user_dir =3D
extension_dir =3D ./
enable_dl =3D On

;;;;;;;;;;;;;;;;
; File Uploads ;
;;;;;;;;;;;;;;;;

upload_tmp_dir =3D /var/tmp

;;;;;;;;;;;;;;;;;;
; Fopen wrappers ;
;;;;;;;;;;;;;;;;;;

allow_url_fopen =3D On
default_socket_timeout =3D 60

;;;;;;;;;;;;;;;;;;;
; Module Settings ;
;;;;;;;;;;;;;;;;;;;

=5BSyslog=5D
define_syslog_variables  =3D Off

=5BSQL=5D
sql.safe_mode =3D Off

=5BODBC=5D
odbc.allow_persistent =3D On
odbc.check_persistent =3D On
odbc.max_persistent =3D -1
odbc.max_links =3D -1
odbc.defaultlrl =3D 4096
odbc.defaultbinmode =3D 1

=5BMySQL=5D
mysql.allow_persistent =3D On
mysql.max_persistent =3D -1
mysql.max_links =3D -1
mysql.default_port =3D
mysql.default_socket =3D
mysql.default_host =3D
mysql.default_user =3D
mysql.default_password =3D
mysql.connect_timeout =3D -1
mysql.trace_mode =3D Off

=5Bdbx=5D
dbx.colnames_case =3D =22lowercase=22

=5Bbcmath=5D
bcmath.scale =3D 0

=5BInformix=5D
ifx.default_host =3D
ifx.default_user =3D
ifx.default_password =3D
ifx.allow_persistent =3D On
ifx.max_persistent =3D -1
ifx.max_links =3D -1
ifx.textasvarchar =3D 0
ifx.byteasvarchar =3D 0
ifx.charasvarchar =3D 0
ifx.blobinfile =3D 0
ifx.nullformat =3D 0

=5BSession=5D
session.save_handler =3D files
session.save_path =3D /var/tmp
session.use_cookies =3D 1
session.name =3D PHPSESSID
session.auto_start =3D 0
session.cookie_lifetime =3D 0
session.cookie_path =3D /
session.cookie_domain =3D
session.serialize_handler =3D php
session.gc_probability =3D 1
session.gc_dividend    =3D 1000
session.gc_maxlifetime =3D 1440
session.bug_compat_42 =3D 0
session.bug_compat_warn =3D 1
session.referer_check =3D
session.entropy_length =3D 0
session.entropy_file =3D
session.cache_limiter =3D nocache
session.cache_expire =3D 180
session.use_trans_sid =3D 0
url_rewriter.tags =3D =22a=3Dhref,area=3Dhref,frame=3Dsrc,input=3Dsrc,for=
m=3Dfakeentry=22

=5BMSSQL=5D
mssql.allow_persistent =3D On
mssql.max_persistent =3D -1
mssql.max_links =3D -1
mssql.min_error_severity =3D 10
mssql.min_message_severity =3D 10
mssql.compatability_mode =3D Off
mssql.secure_connection =3D Off

=5BIngres II=5D
ingres.allow_persistent =3D On
ingres.max_persistent =3D -1
ingres.max_links =3D -1
ingres.default_database =3D
ingres.default_user =3D
ingres.default_password =3D

=5BVerisign Payflow Pro=5D
pfpro.defaulthost =3D =22test-payflow.verisign.com=22
pfpro.defaultport =3D 443
pfpro.defaulttimeout =3D 30

=5BSockets=5D
sockets.use_system_read =3D On

=5BPHP=5D
memory_limit=3D20M
upload_max_filesize=3D20M
post_max_size=3D20M
max_execution_time=3D120
max_input_time=3D60
file_uploads=3DOn