php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #44545 Numeric keys in sessions fail silently
Submitted: 2008-03-27 10:42 UTC Modified: 2008-03-27 12:46 UTC
From: info at concept47 dot com Assigned:
Status: Not a bug Package: Session related
PHP Version: 5.2.5 OS: Windows Xp sp2
Private report: No CVE-ID: None
View Developer Edit
 [2008-03-27 10:42 UTC] info at concept47 dot com 
Description:
------------
trying to use numeric keys for sessions vars, fails, silently. This is bad and can lead to lost hours/money for developer. I am just asking for this sort of assignment to fail in a far more obvious manner.

Reproduce code:
---------------
$_SESSION['1234'] = "boooo!"

Expected result:
----------------
I expect the session variable to be stored or else fail miserably like this assignment would

$123 = "dummy!"

Actual result:
--------------
the session variable with a numeric key is never stored ... and it might take a developer a while to figure out why, as other session vars are stored just fine.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-03-27 11:30 UTC] jani@php.net 
RTFM: "The keys in the $_SESSION associative array are subject to the same limitations as regular variable names in PHP, i.e. they cannot start with a number and must start with a letter or underscore. For more details see the section on variables in this manual. "

Found at http://php.net/session
 [2008-03-27 11:31 UTC] jani@php.net 
And as this $_SESSION is "special" we can not add any errors when it's passed invalid data. You just have to _know_ this.
 [2008-03-27 12:46 UTC] info at concept47 dot com 
And as this $_SESSION is "special" we can not add any errors when it's
passed invalid data

--- can you elaborate more on this? because that it is what I don't understand.

Why will

$1234 = "me";

fail fantastically but ...

$_SESSION['1234'] = "me"

not.
 [2012-08-30 16:21 UTC] william at piecewise dot com 
I would have to agree. I had no idea about this rule for session vars and as a 
result lost about an hour and a half before I stumbled across this post.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 19:01:29 2024 UTC