PHP :: Bug #23732 :: Assignment to global variable overwrites session-value

Bug #23732	Assignment to global variable overwrites session-value
Submitted:	2003-05-21 04:32 UTC	Modified:	2003-05-21 06:06 UTC
From:	daniel dot burckhardt at sur-gmbh dot ch	Assigned:
Status:	Not a bug	Package:	Session related
PHP Version:	4.3.1	OS:	Linux
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	daniel dot burckhardt at sur-gmbh dot ch
New email:
PHP Version:		OS:

New/Additional Comment:

[2003-05-21 04:32 UTC] daniel dot burckhardt at sur-gmbh dot ch

(this seems to be the same problem as in
Bug #20709  	Session variable getting mysteriously set
which has been closed)

When register_globals is On, the assignment
  $foo = 'bar';
has the side-effect of setting
  $_SESSION['foo'] = 'bar';

The following script shows this - enter a new value into the input-field and watch how $_SESSION['foo'] changes.

<?php
session_start();
if($_POST['submit'] != 'go') {
  if(empty($_SESSION['foo']))
    $_SESSION['foo'] = 'foo';
}
else
  $foo = $_POST['foo']; // This assignment overwrites $_SESSION['foo'] if and only if register_globals is on
?>
<html>
<body>
<?php echo 'Session:'.$_SESSION['foo']  ?>
<form action="session_test.php" method="post">
<input type="text" name="foo" />
<input type="submit" name="submit" value="go" />
</form>
</body>
</html>

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-05-21 06:06 UTC] mgf@php.net

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

This is expected behaviour: at version 4.3.0, a defect was corrected so that now the global variable and the $_SESSION[] entry always reference the same value.  (In versions 4.1 and 4.2 this was not the case, which could lead to unexpected and non-intuitive results.)

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sun Jul 06 19:01:36 2025 UTC