PHP :: Bug #2450 :: use session variable values after form method=post

Bug #2450	use session variable values after form method=post
Submitted:	1999-10-06 03:55 UTC	Modified:	1999-10-06 09:11 UTC
From:	henri dot cujass at leolo dot com	Assigned:
Status:	Closed	Package:	Misbehaving function
PHP Version:	4.0 Beta 2	OS:	Sun Solaris 2.7
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	henri dot cujass at leolo dot com
New email:
PHP Version:		OS:

New Comment:

[1999-10-06 03:55 UTC] henri dot cujass at leolo dot com

The problem is that the session_register is _stronger_ than the post method. 
When I start a session and register a variable and give a value
to this variable, then the form post will not override the original value.

Solaris 2.6/2.7 Apache/mod_php
php.ini:
[Session]
session.save_handler = files        
session.save_path = /tmp                                            
session.name = PHPSESSID           
session.auto_start = 0           
session.lifetime = 0              
session.serialize_handler = php     
session.gc_probability = 1       
session.gc_maxlifetime = 1440

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[1999-10-06 09:11 UTC] andrei at cvs dot php dot net

Session variables are supposed to override post variables
with the same name. Otherwise your script becomes unsecure.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Jul 04 17:01:35 2025 UTC