PHP :: Bug #23732 :: Assignment to global variable overwrites session-value

Bug #23732	Assignment to global variable overwrites session-value
Submitted:	2003-05-21 04:32 UTC	Modified:	2003-05-21 06:06 UTC
From:	daniel dot burckhardt at sur-gmbh dot ch	Assigned:
Status:	Not a bug	Package:	Session related
PHP Version:	4.3.1	OS:	Linux
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	daniel dot burckhardt at sur-gmbh dot ch
New email:
PHP Version:		OS:

New Comment:

[2003-05-21 04:32 UTC] daniel dot burckhardt at sur-gmbh dot ch

(this seems to be the same problem as in
Bug #20709  	Session variable getting mysteriously set
which has been closed)

When register_globals is On, the assignment
  $foo = 'bar';
has the side-effect of setting
  $_SESSION['foo'] = 'bar';

The following script shows this - enter a new value into the input-field and watch how $_SESSION['foo'] changes.

<?php
session_start();
if($_POST['submit'] != 'go') {
  if(empty($_SESSION['foo']))
    $_SESSION['foo'] = 'foo';
}
else
  $foo = $_POST['foo']; // This assignment overwrites $_SESSION['foo'] if and only if register_globals is on
?>
<html>
<body>
<?php echo 'Session:'.$_SESSION['foo']  ?>
<form action="session_test.php" method="post">
<input type="text" name="foo" />
<input type="submit" name="submit" value="go" />
</form>
</body>
</html>

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-05-21 06:06 UTC] mgf@php.net

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

This is expected behaviour: at version 4.3.0, a defect was corrected so that now the global variable and the $_SESSION[] entry always reference the same value.  (In versions 4.1 and 4.2 this was not the case, which could lead to unexpected and non-intuitive results.)

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sun Jul 06 19:01:36 2025 UTC