php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #39227 php 5.1.6 introduced $_SESSION problems
Submitted: 2006-10-22 03:55 UTC Modified: 2006-10-23 23:53 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: martyn dot griffin at charter dot net Assigned:
Status: Closed Package: Feature/Change Request
PHP Version: 5.1.6 OS: Fedora 5
Private report: No CVE-ID: None
View Developer Edit
 [2006-10-22 03:55 UTC] martyn dot griffin at charter dot net 
Description:
------------
Using Fedora 5 and yum updated from PHP 5.1.4 to PHP 5.1.6
After completetion of update, I have lost access to all of my $_SERVER values. They disappear right after assigning them in every script I use, which has crippled my current application

Reproduce code:
---------------
<?PHP
// index.php
include_once('script/funcs.php');
setTheme('default');
echo 'BG Color-->'.$_SERVER['thmBGcol'];
?>

<?PHP
// funcs.php
function setTheme($thm)
{
  $_SERVER['thmBGcol'] = "#000066";
}

Expected result:
----------------
I expect the following line to be echoed:
BG Color-->#000066

instead I get
BG Color-->


Actual result:
--------------
instead I get
BG Color-->

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-10-22 05:44 UTC] rasmus@php.net 
You are assigning things to _SERVER?  That seems like a really bad idea.  What do you think that will do?  How about using $GLOBALS for that instead?

Having said that, I can't reproduce your problem here.  Are you running any 3rd-party extensions, or do you have variables_order in you php.ini file set to exclude "S" ?
 [2006-10-22 15:52 UTC] martyn dot griffin at charter dot net 
I owe all an appology - it must have been a senior moment!!

The issue applies to using  $_SESSION  not $_SERVER, so please change that in all my references.

I have the following set (or defaulted) in php.ini
register_globals = Off
register_long_arrays = Off
register_argc_argv = Off
variables_order = "EGPCS"
This was not changed since running 5.1.4 when the application functioned as expected.

Also, the example to reproduce the problem should be altered in the included code as:

<?PHP
// index.php
include_once('script/funcs.php');
setTheme('default');
echo 'BG Color-->'.$_SESSION['thmBGcol'];
?>

<?PHP
// funcs.php
session_start();
$_SESSION['BASE'] = 'default';
function setTheme($thm)
{
  $_SESSION['thmBGcol'] = "#000066";
}
?>

Every page used starts with the include for funcs.php.
 [2006-10-22 22:20 UTC] martyn dot griffin at charter dot net 
I think I understand why you could not recreate the problem?!
I was working using a frameset, where the SESSION values were being set in the page that defined the frames.
When the target pages were launched in each of the frames, all the SESSION values are gone. 
When I finally tested it outside of any frames, it all worked as expected.

To put this another way, when I create a simple frameset definition and at the start of it do something like:
$_SESSION['xxx']="abcdef";
that value never shows when I try to echo it from the page that the frame links to.

I have a WXP environment that is running PHP 5.1.5 and this problem does not occur. Unfortunately (for me!), I can not revert my Linux system back to pre-PHP 5.1.6
 [2006-10-23 08:22 UTC] tony2001@php.net 
PHP doesn't know anything (and doesn't care) about frames.
This is obviously not PHP problem.
 [2006-10-23 12:25 UTC] martyn dot griffin at charter dot net 
It apparently has to do with some sort of SESSION boundary handling, and was changed at the onset of 5.1.6. Perhaps some ini file setting that now defaults differently than before??
 [2006-10-23 12:40 UTC] tony2001@php.net 
No, there were no such changes in 5.1.6.
 [2006-10-23 23:53 UTC] martyn dot griffin at charter dot net 
Found root cause (but not reason for change).
The directory that was holding the php session values had its protection altered and Apache no longer was able to write to it. Hence no session values were found after being set. This did occur at the time the php 5.1.6 upgrades were applied, but have NO IDEA how or why. I know I did not do it, and no one else has access to the system.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Mon Jul 14 03:01:31 2025 UTC