Bug #33360 Pointer to item in $_SESSION superglobal causes troubles
Submitted: 2005-06-16 12:35 UTC Modified: 2005-06-16 16:23 UTC
From: luca dot fabbro at procne dot it Assigned:
Status: Not a bug Package: Session related
PHP Version: 4.3.10 OS: Linux
Private report: No CVE-ID: None

 

 [2005-06-16 12:35 UTC] luca dot fabbro at procne dot it
Description:
------------
Seems that once you've declared a pointer to one of the items in the session superglobal, any other assignment of a variable to that session item is always treated as a pointer.

Tested on various versions of php 4.3 till 4.3.1
Register globals are OFF
php 5.0.4 having same error


Reproduce code:
---------------
session_start();
for ($i = 0; $i < 2; $i++)
{
	$_SESSION['storage'][$i] = array('items'=>$i);
}
$items = count($_SESSION['storage']);
for ($i = 0; $i < $items; $i++)
{
	$pointer = &$_SESSION['storage'][$i];
//	unset($pointer);	// Uncomment me to let me work properly
}
$gitems = $_SESSION['storage'];
foreach ($gitems as $key=>$val)
{
	$gitems[$key]['foo'] = time();
}


Expected result:
----------------
$_SESSION = Array
(
    [storage] => Array
        (
            [0] => Array
                (
                    [items] => 0
                )
            [1] => Array
                (
                    [items] => 1
                )
        )
)

Actual result:
--------------
$_SESSION = Array
(
    [storage] => Array
        (
            [0] => Array
                (
                    [items] => 0
                    [foo] => 1118913576
                )

            [1] => Array
                (
                    [items] => 1
                    [foo] => 1118913576
                )
        )
)

 [2005-06-16 12:55 UTC] tony2001@php.net
With "$pointer = &$_SESSION['storage'][$i];" you turn $_SESSION['storage'][$i]; into a reference.
But:
"Note: If array with references is copied, its values are not dereferenced. This is valid also for arrays passed by value to functions."
http://www.php.net/manual/en/language.references.whatdo.php
This also has nothing to do with _SESSION, as it can be reproduced with this code too:

<?php
$a['storage'][] = array('items'=> 0);
$pointer = &$a['storage'][0];
$gitems = $a['storage'];
$gitems[0]['foo'] = 2;

var_dump($a);
?>
 [2005-06-16 16:23 UTC] luca dot fabbro at procne dot it
I'm just a bit confused. When I redeclare $pointer I suppose that a kind of unset was done on the old value of $pointer. I was thinking that previous references were destroyed. In the loop, in fact, I'll lose the ability to unset the pointers if I don't do it before redeclaring $pointer.
In my example, if previous pointers were destroyed, I have to notice this "strange" behaviour only on the last element of the array.
If the reference is put in a function, things of course change, as on exiting from the function there is an automatic unset of the local $pointer variable. In this way the last element of the array isn't a reference as the previous ones.
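
The aliasing discussed in this report, with a check for reference-bound slots and a copy that does not write back into session state, as an added example that is not part of the original report or of PHP's own code. The helper names liveReferenceKeys and detachedCopy are hypothetical, the $session array is constructed to stand in for $_SESSION, and ReflectionReference requires PHP 7.4 or later.

```php
<?php
// Added example: constructed data, hypothetical helper names. Requires PHP 7.4+.

// Keys of $array whose slots are currently bound as references.
function liveReferenceKeys(array $array): array
{
    $keys = [];
    foreach (array_keys($array) as $key) {
        if (ReflectionReference::fromArrayElement($array, $key) !== null) {
            $keys[] = $key;
        }
    }
    return $keys;
}

// Copy $array so that no slot of the copy aliases the original.
// A by-value foreach reads through references; nested arrays are rebuilt.
// Objects are still shared handles, as with any PHP assignment.
function detachedCopy(array $array): array
{
    $copy = [];
    foreach ($array as $key => $value) {
        $copy[$key] = is_array($value) ? detachedCopy($value) : $value;
    }
    return $copy;
}

// Stands in for $_SESSION so the script runs from the CLI.
$session = ['storage' => [['items' => 0], ['items' => 1]]];
$pointer = &$session['storage'][0];          // slot 0 becomes a reference

echo "reference slots: ", json_encode(liveReferenceKeys($session['storage'])), "\n";

$safe = detachedCopy($session['storage']);
$safe[0]['foo'] = 'safe copy';               // stays in $safe

$gitems = $session['storage'];               // plain copy keeps slot 0 as a reference
$gitems[0]['foo'] = 'plain copy';            // written through to $session
$gitems[1]['foo'] = 'plain copy';            // slot 1 is a value, stays in $gitems

print_r($session);

// Release every holder of the binding before the data is copied again.
unset($pointer, $gitems);
echo "reference slots: ", json_encode(liveReferenceKeys($session['storage'])), "\n";
```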
 
Last updated: Tue Jul 08 20:01:34 2025 UTC