PHP :: Bug #32496 :: Session string values are references

Bug #32496	Session string values are references
Submitted:	2005-03-30 05:23 UTC	Modified:	2005-04-01 02:12 UTC
From:	ceo at l-i-e dot com	Assigned:
Status:	Not a bug	Package:	Session related
PHP Version:	5.0.3	OS:	FreeBSD 5.3-RELEASE
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	ceo at l-i-e dot com
New email:
PHP Version:		OS:

New Comment:

[2005-03-30 05:23 UTC] ceo at l-i-e dot com

Description:
------------
<?php
  session_start();
  if (!isset($_SESSION['name'])){
    $_SESSION['name'] = 'Richard Lynch';
  }
  else{
    $name = $_SESSION['name'];
  }
  /* Assume a ton of code goes here */
  $name = 'Fooey';
  echo "Session name is: ", $_SESSION['name'], "<br />\n";
?>

Now, hit this page, re-load it, and what do *YOU* expect $_SESSION['name'] to output?

A) 'Richard Lynch', because you never re-assigned $_SESSION['name']
B) 'Fooey' because $name is a reference, and you changed it, so that changed your session data.

*I* expected A)
Alas, the reality is B)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2005-03-30 07:25 UTC] sniper@php.net

Using latest CVS + register_globals = Off -> Works just fine.

[2005-04-01 02:12 UTC] ceo at l-i-e dot com

Fixed in CVS, I guess.

Others have confirmed the bug in 5.0.3 on non FreeBSD platforms.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Dec 19 15:00:01 2025 UTC