From 00b89e2d3497bef7e9d4f159f7b8530858d778ee Mon Sep 17 00:00:00 2001
From: Antony Dovgal <tony2001@php.net>
Date: Fri, 20 May 2005 10:28:16 +0000
Subject: [PATCH] MFH: fix bug #32944 (Disabling session.use_cookies doesn't
 prevent reading session cookies)

---
 NEWS                  | 2 ++
 ext/session/session.c | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 0701d67027..941db23099 100644
--- a/NEWS
+++ b/NEWS
@@ -18,6 +18,8 @@ PHP                                                                        NEWS
   (jwozniak23 at poczta dot onet dot pl, Tony).
 - Fixed bug #32956 (mysql_bind_result() doesn't support MYSQL_TYPE_NULL). (Georg)
 - Fixed bug #32947 (Incorrect option for mysqli default password). (Georg)
+- Fixed bug #32944 (Disabling session.use_cookies doesn't prevent reading 
+  session cookies). (Jani, Tony)
 - Fixed bug #32936 (http redirects URLs are not checked for control chars). (Ilia)
 - Fixed bug #32932 (Oracle LDAP: ldap_get_entries(), invalid pointer). (Jani)
 - Fixed bug #32930 (class extending DOMDocument doesn't clone properly). (Rob)
diff --git a/ext/session/session.c b/ext/session/session.c
index 4559e3e2d5..8db83409e5 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -1134,7 +1134,7 @@ PHPAPI void php_session_start(TSRMLS_D)
 	 */
 
 	if (!PS(id)) {
-		if (zend_hash_find(&EG(symbol_table), "_COOKIE",
+		if (PS(use_cookies) && zend_hash_find(&EG(symbol_table), "_COOKIE",
 					sizeof("_COOKIE"), (void **) &data) == SUCCESS &&
 				Z_TYPE_PP(data) == IS_ARRAY &&
 				zend_hash_find(Z_ARRVAL_PP(data), PS(session_name),
-- 
2.50.1