PHP :: Bug #15645 :: session_unset() undefines non-session variables?

Bug #15645	session_unset() undefines non-session variables?
Submitted:	2002-02-20 08:30 UTC	Modified:	2002-02-21 03:12 UTC
From:	yannick at i4music dot net	Assigned:
Status:	Closed	Package:	Session related
PHP Version:	4.1.1	OS:	Redhat 7.1
Private report:	No	CVE-ID:	None

View Developer Edit

[2002-02-20 08:30 UTC] yannick at i4music dot net

session_unset() seems to undefine non-session variables. It happens with register_globals = off. It seems to behave just like if register_globals was on.

Example:

$domain = $_REQUEST["domain"];
if ($domain){
  echo $domain;  // correct
  session_start();
  session_unset();
  echo $domain;  // empty
  $_SESSION["domain"] = $domain;
};

So the problem seem to be: if a previous session variable is named "abc" (thus $_SESSION["abc"]), session_unset() will clear $_SESSION["abc"] but also the variable $abc which should not be in relation with it since register_globals is off.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-02-21 03:12 UTC] yohgaki@php.net

This bug has been fixed in CVS.

Thanks for reporting, but  I think this is fixed by Sterling.

[2002-02-21 03:46 UTC] yannick at i4music dot net

Ok. Sorry, but I couldn't check with the CVS version, since it was on a "production" server.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sat Jul 05 17:01:34 2025 UTC