php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #33360 Pointer to item in $_SESSION superglobal causes troubles
Submitted: 2005-06-16 12:35 UTC Modified: 2005-06-16 16:23 UTC
From: luca dot fabbro at procne dot it Assigned:
Status: Not a bug Package: Session related
PHP Version: 4.3.10 OS: Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: luca dot fabbro at procne dot it
New email:
PHP Version: OS:

 

 [2005-06-16 12:35 UTC] luca dot fabbro at procne dot it 
Description:
------------
Seems that once you've declared a pointer to one of the items in session superglobal any other assignment of a variable to that session item is alwayys treated as a pointer.

Tested on various versions of php 4.3 till 4.3.1
Register globals are OFF
php 5.0.4 having same error


Reproduce code:
---------------
session_start();
for ($i = 0; $i < 2; $i++)
{
	$_SESSION['storage'][$i] = array('items'=>$i);
}
$items = count($_SESSION['storage']);
for ($i = 0; $i < $items; $i++)
{
	$pointer = &$_SESSION['storage'][$i];
//	unset($pointer);	// Uncomment me to let me work properly
}
$gitems = $_SESSION['storage'];
foreach ($gitems as $key=>$val)
{
	$gitems[$key]['foo'] = time();
}


Expected result:
----------------
$_SESSION = Array
(
    [storage] => Array
        (
            [0] => Array
                (
                    [items] => 0
                )
            [1] => Array
                (
                    [items] => 1
                )
        )
)

Actual result:
--------------
$_SESSION = Array
(
    [storage] => Array
        (
            [0] => Array
                (
                    [items] => 0
                    [foo] => 1118913576
                )

            [1] => Array
                (
                    [items] => 1
                    [foo] => 1118913576
                )
        )
)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-06-16 12:55 UTC] tony2001@php.net 
With "$pointer = &$_SESSION['storage'][$i];" you turn $_SESSION['storage'][$i]; into a reference.
But:
"Note: If array with references is copied, its values are not dereferenced. This is valid also for arrays passed by value to functions."
http://www.php.net/manual/en/language.references.whatdo.php
This is also has nothing to do with _SESSION as it can be reproduce on this code too:

<?php
$a['storage'][] = array('items'=> 0);
$pointer = &$a['storage'][0];
$gitems = $a['storage'];
$gitems[0]['foo'] = 2;

var_dump($a);
?>
 [2005-06-16 16:23 UTC] luca dot fabbro at procne dot it 
I'm just a bit confused. When I redeclare $pointer I suppose that a kind of unset was done on old value of $pointer. I was thinking that previous references were destroyed. In the loop in fact I'll lose the ability to unset the pointers if I don't do it before redeclaring $pointer.
In my example if previous pointers were destroyed I have to notice this "strange" behaviour only on the last element of array.
If reference is put in a function things of course change as exiting from the function there is an automatic unset of the local $pointer variable. In this way the last element of the array isn't a reference as the previous ones.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Tue Jul 08 16:01:33 2025 UTC