php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #68650 Cannot set session variables in a page handling session.upload_progress
Submitted: 2014-12-25 05:07 UTC Modified: 2021-09-24 12:48 UTC
Votes:5
Avg. Score:4.2 ± 1.0
Reproduced:3 of 4 (75.0%)
Same Version:2 (66.7%)
Same OS:2 (66.7%)
From: Chriswright96 at hotmail dot com Assigned: cmb (profile)
Status: Not a bug Package: Session related
PHP Version: 5.5.20 OS: Ubuntu Trusty
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: Chriswright96 at hotmail dot com
New email:
PHP Version: OS:

 

 [2014-12-25 05:07 UTC] Chriswright96 at hotmail dot com 
Description:
------------
When using an upload form, with a hidden field with the session.upload_progress.name, the target page cannot set new session variables.

If you use the example below (with session.upload_progress.cleanup set to off for debugging), you will notice that the 'new' session disappears when you navigate back to the first page.

Test script:
---------------
//test1.php
<form name="fileupload" action="test2.php" method="POST" enctype="multipart/form-data">
    <input type="hidden" name="<?php echo ini_get("session.upload_progress.name"); ?>" value="123">
    <input type="file" name="newfile">
    <input type="submit" name="submit" value="Submit">
</form>
<?php
    if(!isset($_SESSION)) {
        session_start();
    }
    print_r($_SESSION);
?>

//test2.php
<?php
    if(!isset($_SESSION)) {
        session_start();
    }
    $_SESSION['new']='Im a new value that will disappear';
    print_r($_SESSION);
?>
<a href="test.php">Go back</a>

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-12-26 15:50 UTC] Chriswright96 at hotmail dot com 
This can be solved by using:
if (session_status() == PHP_SESSION_NONE) {
    session_start();
}

Instead of:

if(!isset($_SESSION)) {
    session_start();
}

But the reasoning behind this is still not clear in documentation
 [2017-10-24 09:01 UTC] kalle@php.net
-Status: Open +Status: Suspended
 [2017-10-24 09:01 UTC] kalle@php.net 
This package has not had any releases for 6 years, so I'm gonna suspend it, any new maintainer that decides to pick this up can re-open this ticket.
 [2020-01-26 01:09 UTC] ramsey@php.net
-Status: Suspended +Status: Re-Opened -Package: uploadprogress +Package: Session related
 [2020-01-26 01:09 UTC] ramsey@php.net 
This appears to be session-related and not related to the uploadprogress extension. I'm not sure whether it's still an issue, but I'm re-opening, just in case.
 [2021-09-24 12:48 UTC] cmb@php.net
-Status: Re-Opened +Status: Not a bug -Assigned To: +Assigned To: cmb
 [2021-09-24 12:48 UTC] cmb@php.net 
From the docs[1]:

| The upload progress will be available in the $_SESSION
| superglobal when an upload is in progress, and when POSTing a
| variable of the same name as the session.upload_progress.name INI
| setting is set to. When PHP detects such POST requests, it will
| populate an array in the $_SESSION, […]

So $_SESSION is already populated when test2.php is executed, but
the session has not been started.  Since test2.php will not start
the session in this case, any changes to $_SESSION are not
persistet. If you request test2.php directly, the changes are
persistet.

I think the documentation is sufficient, so I'm closing as NAB.

[1] <https://www.php.net/manual/en/session.upload-progress.php>
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sat Sep 20 06:00:01 2025 UTC