PHP :: Bug #32496 :: Session string values are references

Bug #32496	Session string values are references
Submitted:	2005-03-30 05:23 UTC	Modified:	2005-04-01 02:12 UTC
From:	ceo at l-i-e dot com	Assigned:
Status:	Not a bug	Package:	Session related
PHP Version:	5.0.3	OS:	FreeBSD 5.3-RELEASE
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	ceo at l-i-e dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2005-03-30 05:23 UTC] ceo at l-i-e dot com

Description:
------------
<?php
  session_start();
  if (!isset($_SESSION['name'])){
    $_SESSION['name'] = 'Richard Lynch';
  }
  else{
    $name = $_SESSION['name'];
  }
  /* Assume a ton of code goes here */
  $name = 'Fooey';
  echo "Session name is: ", $_SESSION['name'], "<br />\n";
?>

Now, hit this page, re-load it, and what do *YOU* expect $_SESSION['name'] to output?

A) 'Richard Lynch', because you never re-assigned $_SESSION['name']
B) 'Fooey' because $name is a reference, and you changed it, so that changed your session data.

*I* expected A)
Alas, the reality is B)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2005-03-30 07:25 UTC] sniper@php.net

Using latest CVS + register_globals = Off -> Works just fine.

[2005-04-01 02:12 UTC] ceo at l-i-e dot com

Fixed in CVS, I guess.

Others have confirmed the bug in 5.0.3 on non FreeBSD platforms.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Mon Jun 03 06:01:31 2024 UTC