php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #18468 "global $_SESSION;" breaks sessions handling
Submitted: 2002-07-22 12:51 UTC Modified: 2002-07-22 20:29 UTC
From: pratesi at telug dot it Assigned:
Status: Not a bug Package: Session related
PHP Version: 4.2.1 OS: Red Hat Linux 7.3
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: pratesi at telug dot it
New email:
PHP Version: OS:

 

 [2002-07-22 12:51 UTC] pratesi at telug dot it
The following code evidences the problem:

<?php

session_start();

if (!isset($_SESSION["foobar"])) {
        echo "Foobar not set, now we set it to 1";
        $_SESSION["foobar"] = 1;
} else {
        $_SESSION["foobar"]++;
        echo "Foobar is set and is = " . $_SESSION["foobar"];
}

echo "\n<br>";

if (!isset($_SESSION["counter"])) {
        echo "Counter not set, now we set it to 1";
        set_counter();
} else {
        $_SESSION["counter"]++;
        echo "Counter is set and is = " . $_SESSION["counter"];
}

echo "\n<br>";

if (!isset($_SESSION["foobar2"])) {
        echo "Foobar2 not set, now we set it to 1";
        $_SESSION["foobar2"] = 1;
} else {
        $_SESSION["foobar2"]++;
        echo "Foobar2 is set and is = " . $_SESSION["foobar2"];
}

function set_counter() {
        global $_SESSION;
        $_SESSION["counter"] = 1;
}

echo "<pre>";
var_dump($_SESSION);
echo "</pre>";

?>

Loading and reloading the page, $_SESSION["counter"] and
$_SESSION["foobar2"] remain undefined, due to the
global $_SESSION;
put in function set_counter()
The problem disappears commenting out
// global $_SESSION;

I realize that it makes no sense to declare as "global"
a superglobal, but I was doing it only for compatibility
with PHP 4.0, after the following code:
if (!isset($_SESSION)) $_SESSION = $HTTP_SESSION_VARS;

I think that it would be nice to get a warning due to the
attempt of declaring a superglobal as "global"; it would
also be nice if such a statement would be sistematically
ignored (this would also allow to avoid breaking
compatibility with PHP 4.0)

BTW, a really strange thing: I ahve observed this problem
both with PHP 4.1.2 and PHP 4.2.1, but not on each platform
tested by me and my friends: Red Hat 7.3 and SuSE are
affected, while Debian Woody and Mandrake 8.2 are not.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-07-22 20:29 UTC] sniper@php.net
Don't do that. And you should be using $HTTP_SESSION_VARS anyway, if you want to keep backwards compatibility..
and then 'global' is in order.

 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved.
Last updated: Wed Jul 09 23:01:33 2025 UTC