php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #24144 $_SESSION array is having problem transmitting variables
Submitted: 2003-06-12 04:40 UTC Modified: 2003-06-12 04:56 UTC
From: lehel at bin dot hu Assigned:
Status: Not a bug Package: Session related
PHP Version: 4.3.2 OS: Linux 2.4.8
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: lehel at bin dot hu
New email:
PHP Version: OS:

 

 [2003-06-12 04:40 UTC] lehel at bin dot hu 
Description:
------------
This script is for logging in a user on a page.

After the query $_SESSION variables are set according to the values stored in the database, I've checked them by echoing them.
But when checking the same variables in start.php they contain the pre-set values that were set at the beginning of this script.
After going back to the index script, and starting all over the login procedure, the results are as expected.

It seems so that the session engine does not handle multiple value changes in the script where session_start is used at the first time on the page, bcause the usage of session_start on the submitting page solves the problem.

db_Exec and db_Result are simple database wrappers.

Reproduce code:
---------------
	session_start ();
	include_once ("Include/Common.php");

	$_SESSION["UserID"]=-1;
	$_SESSION["lastactive"]=time ()-4000;

	$dbconn=db_Connect ();

	$query=db_Exec ($dbconn,"SELECT * FROM users WHERE username='$_POST[UserName]' AND userpwd='$_POST[UserPwd]';");
	if (db_Num_Rows ($query)==0) {
		nupi_error ("Jelsz?, vagy felhaszn?l?n?v hiba!");
	}
	$row=db_Fetch_Row ($query);
	$_SESSION["UserID"]=$row["user_id"];
	$_SESSION["lastactive"]=time ();

	header ("Location: start.php");


Expected result:
----------------
$_SESSION["UserID"] = 0
$_SESSION["lastactive"] ... actual time

in start.php

Actual result:
--------------
$_SESSION["UserID"] = -1
$_SESSION["lastactive"] ... actual time-4000

in start.php

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-06-12 04:43 UTC] derick@php.net 
You're always unconditionally setting the two sessions variables:

        $_SESSION["UserID"]=-1;
        $_SESSION["lastactive"]=time ()-4000;

Sounds like a script error -> bogus
 [2003-06-12 04:56 UTC] lehel at bin dot hu 
Processing order
index.php => submitted script => start.php

Why I do not think this to be a script error is because:
If index.php contains a
<?php
	session_start ();
	$_SESSION["UserID"]=-1;
	$_SESSION["lastactive"]=time ()-4000;
?>

at its beginning the problem vanishes, the $_SESSION array in start.php contains the expected values.
But if I move this code into the login script, then everything goes wrong.

I've checked the values in the $_SESSION array before jumping to start.php, and it contained the expected values, but when I removed the checker script, and restarted IE then the checker in start.php showed up with the wrong values.

If I did not close IE but simply started the process all over, the expected values showd up in start.php .

To me it seems, that the usage of the $_SESSION array is having a bug, which omits itself only in the script where the session_start () function is used the first time. In that script the second modification of values in the $_SESSION array somehow is not saved on the server, but if the script starts with an already active session then the modifications are saved.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Thu Dec 18 15:00:01 2025 UTC