Bug #22117 Session vars inappropriately created as references
Submitted: 2003-02-07 17:41 UTC Modified: 2003-05-22 17:11 UTC
Votes:5
Avg. Score:4.4 ± 0.8
Reproduced:5 of 5 (100.0%)
Same Version:5 (100.0%)
Same OS:2 (40.0%)
From: phpbugs at brianmertens dot com Assigned: sas (profile)
Status: Closed Package: Session related
PHP Version: 4.3.0 OS: Win NT 4
Private report: No CVE-ID: None
 [2003-02-07 17:41 UTC] phpbugs at brianmertens dot com
It took me a while to track this down...
we noticed that when we upgraded a development box
from 4.2.3 to 4.3.0, that one of our session vars
was being over-written by another.

It turns out that one was being serialized 
to the session as a reference to the other,
but only if the vars were initialized like this:

 $var1 = $var2 = "some value";

Consider two scripts, test_bug1.php and test_bug2.php

If you run test_bug1, and then test_bug2, surprisingly,
the output of test_bug2 will be:

BEFORE:
var1 = 'INITIALIZED'
var2 = 'INITIALIZED'

AFTER:
var1 = 'CHANGED'
var2 = 'CHANGED'

<?php
// test_bug1.php
session_start();

$var1 = $var2 = "INITIALIZED";
session_register("var1","var2");

echo "INIT:<br>\n";
echo "var1 = '$var1'<br>";
echo "var2 = '$var2'<br><p>";

echo "<a href='test_bug2.php'>test_bug2.php</a>";

?>

<?php
// test_bug2.php
session_start();

echo "BEFORE:<br>\n";
echo "var1 = '$var1'<br>\n";
echo "var2 = '$var2'<br><p>\n";

$var2 = "CHANGED";

echo "AFTER:<br>\n";
echo "var1 = '$var1'<br>\n";
echo "var2 = '$var2'<br><p>\n";

$var2 = "EXIT";

?>


 [2003-02-09 16:07 UTC] phpbugs at brianmertens dot com
Here's the contents of the session file,
immediately after execution of my first
test script test_bug1.php, from versions
4.2.2 and 4.3.0:

session file from 4.2.2:
var1|s:11:"INITIALIZED";var2|s:11:"INITIALIZED";

session file from 4.3.0:
var1|s:11:"INITIALIZED";var2|R:1;
 [2003-02-09 16:33 UTC] phpbugs at brianmertens dot com
Actually, I have created a simpler test case,
which produces the behaviour in one script,
and BEFORE serialization:

<?php
// bug3.php
session_start();
$var1 = $var2 = "INITIALIZED";
session_register("var1","var2");
$var2 = "CHANGED";
echo $var1."<br>";
echo $var2."<br>";
?>

Actual Output in 4.3.0:
CHANGED
CHANGED

Session data after execution
var1|s:7:"CHANGED";var2|R:1;

So it seems that $var2 is a reference of $var1,
but only if the session_start and session_register
functions are called.

Notes:
The bug occurs even if the "session_start();" and the "$var1 = $var2 = "INITIALIZED";" lines are swapped.

The buggy behaviour disappears if I move the line
"$var2 = "CHANGED"" above the session_register() call.
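
The session dumps quoted in the two comments above show the symptom on disk: a top-level `R:n;` entry where a second string was expected. As an added example (not part of the original report or of PHP itself), this Python script walks data in that `name|value` format and reports which variables are stored as references to another one. `find_aliases` and `_skip` are hypothetical names; the script assumes reference numbers count stored values from 1 in file order, as in the dumps here, and it does not handle objects (`O:`).

```python
# Added example: report session variables stored as references (R:/r:).
# Assumption: reference numbers count stored values from 1 in file order
# (array keys excluded), which matches the dumps quoted in this report.

def _skip(buf, pos, slots, owner, is_key=False):
    """Consume one serialized value; return (next_pos, referenced slot or None)."""
    tag = buf[pos:pos + 1]
    if tag in (b"R", b"r"):
        end = buf.index(b";", pos)
        if tag == b"r":                      # assumption: 'r:' takes a slot, 'R:' does not
            slots.append(owner)
        return end + 1, int(buf[pos + 2:end])
    if not is_key:
        slots.append(owner)
    if tag == b"N":                          # N;
        return pos + 2, None
    if tag in (b"b", b"i", b"d"):            # b:1;  i:42;  d:0.5;
        return buf.index(b";", pos) + 1, None
    if tag == b"s":                          # s:<byte length>:"<bytes>";
        colon = buf.index(b":", pos + 2)
        return colon + 2 + int(buf[pos + 2:colon]) + 2, None
    if tag == b"a":                          # a:<count>:{<key><value>...}
        colon = buf.index(b":", pos + 2)
        count, pos = int(buf[pos + 2:colon]), colon + 2
        for _ in range(count):
            pos, _ref = _skip(buf, pos, slots, owner, is_key=True)
            pos, _ref = _skip(buf, pos, slots, owner)
        return pos + 1, None                 # step over the closing '}'
    raise ValueError(f"unsupported type {tag!r} at offset {pos}")

def find_aliases(session_bytes):
    """Map each top-level variable stored as a reference to the variable it points at."""
    slots, aliases, pos = [], {}, 0
    while pos < len(session_bytes):
        bar = session_bytes.index(b"|", pos)
        name = session_bytes[pos:bar].decode()
        pos, ref = _skip(session_bytes, bar + 1, slots, name)
        if ref is not None:
            aliases[name] = slots[ref - 1] if 0 < ref <= len(slots) else None
    return aliases

# The first two inputs are the dumps from this report; the third is constructed.
FROM_4_2_2 = b'var1|s:11:"INITIALIZED";var2|s:11:"INITIALIZED";'
FROM_4_3_0 = b'var1|s:11:"INITIALIZED";var2|R:1;'
CONSTRUCTED = b'cart|a:1:{i:0;s:3:"a|b";}user|s:3:"bob";copy|R:3;'

if __name__ == "__main__":
    for label, data in [("4.2.2", FROM_4_2_2), ("4.3.0", FROM_4_3_0), ("constructed", CONSTRUCTED)]:
        print(label, find_aliases(data))
```

A non-empty result for a session whose variables were only ever assigned by value is the condition this report describes.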
 [2003-02-09 16:36 UTC] phpbugs at brianmertens dot com
Further searching makes me think that this may be
related to Bug #20583 :
http://bugs.php.net/bug.php?id=20583
 [2003-02-10 12:54 UTC] phpbugs at brianmertens dot com
A colleague points out that this script also
produces the buggy behaviour.

<?php
session_start();
$var1 = "INITIALIZED";
$var2 = $var1;
session_register("var1","var2");
$var2 = "CHANGED";
echo $var1."<br>";
echo $var2."<br>";
?>
 [2003-02-10 13:03 UTC] sniper@php.net
Just FYI, the following script works as expected:

<?php
session_start();

if (!isset($_SESSION['var1'])) {
    $_SESSION['var1'] = "INITIALIZED";
    $_SESSION['var2'] = $_SESSION['var1'];
    $_SESSION['var2'] = "CHANGED";
}

var_dump($_SESSION);
  
?>


 [2003-02-17 13:18 UTC] jneil at myersinternet dot com
While there are some new cautionary notes regarding mixing the use of $_SESSION and session_register (and the other session functions), the example below (and the examples in related bugs) do not mix the two means of accessing session variables.  As the session_* functions have not been designated as deprecated code, current members of the PHP coding community must assume that these functions are still supported and should work.  Given that the code below from brianmertens is valid PHP syntax but yet shows a weakness in the session_register functions (possibly due to pointer problems in the underlying code given the nature of the error), this seems worthy of actually working on instead of pointing out similar code (although with a different approach and function list) that does not have the bug.  Are the developers of the PHP engine going to fix session_register or are they going to force the thousands of PHP developers who have used this function in good faith for several years to abandon it?
 [2003-05-22 16:31 UTC] phpbugs at brianmertens dot com
Works with 4.3.2RC4.

This seems to be fixed sometime between 4.3.0 and 4.3.2RC4.

I guess this can be closed.
 [2003-05-22 17:11 UTC] sniper@php.net
fixed -> closed.

 
Last updated: Mon Apr 29 21:01:30 2024 UTC