php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #73456 Problems on unsetting session variable
Submitted: 2016-11-03 21:57 UTC Modified: 2016-11-05 01:21 UTC
From: sasf54 at gmail dot com Assigned:
Status: Not a bug Package: Session related
PHP Version: 7.0.12 OS: Linux - Gentoo
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: sasf54 at gmail dot com
New email:
PHP Version: OS:

 

 [2016-11-03 21:57 UTC] sasf54 at gmail dot com 
Description:
------------
I have a shopping cart.
With unlogged in user, I cannot clean it.
(unset($_SESSION['order']);
session_commit();)
But with a logged in user, it works fine.
(it has some other session variables)

I fixed the bug, with issuing an other session_start() right before the unset block.

Test script:
---------------
// I cannot give you the whole code part :(
// I set the $_SESSION['order'] in an other php file, and it's working fine
session_start();
// some long processing codeing
            if (isset($_SESSION['order'])) {
                session_start(); // <=== this has to be here to work, without it, does not works
                unset($_SESSION['order']);
                session_commit();
            }


Expected result:
----------------
the $_SESSION['order'] to be unset
(For unlogged in user, it should be an empty session,
for a logged in user, it works fine 'o,O' )

Actual result:
--------------
It should clear the $_SESSION['order'] for unlogged in users too.
(I also tried to add some new values to other session variables to save it, but it was not working :( )

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-11-03 22:05 UTC] requinix@php.net
-Status: Open +Status: Not a bug
 [2016-11-03 22:05 UTC] requinix@php.net 
session_commit, which is actually just an alias for session_write_close, writes data and ends the session. If you want to make changes to $_SESSION afterwards then you must call session_start() again.
 [2016-11-04 11:12 UTC] sasf54 at gmail dot com 
Hi requinix,

Yes, it's a bug :(
(I had to issue 2 session_start() (without a session_commit() ))
I tested on live (ubuntu with PHP 7.0.8)
and it's fine.
I'm now updating the portage / php if I can to test it with newer version, I'll update soon
 [2016-11-04 11:37 UTC] sasf54 at gmail dot com 
hm...
it was a session_commit() before...
(But I don't understand, why does it works on live then :) )
 [2016-11-05 01:21 UTC] yohgaki@php.net 
You should have session_commit()/session_write_close() somewhere. Live system does not call it due to execution path. 

session_status() before PHP 7.2 is unreliable (I haven't commit the fix yet, so it's not ready even in master now), but you can use it to check session status unless you have bad code.

Use session_status() to check if you need to call session_start() or not.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sat Oct 25 21:00:01 2025 UTC