PHP :: Bug #73302 :: Copy-On-Write on $_SESSION fails with session

Bug #73302	Copy-On-Write on $_SESSION fails with session_decode
Submitted:	2016-10-12 13:53 UTC	Modified:	2016-10-14 08:57 UTC
From:	d dot negrier at thecodingmachine dot com	Assigned:
Status:	Closed	Package:	Session related
PHP Version:	7.1.0RC3	OS:	Ubuntu
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	d dot negrier at thecodingmachine dot com
New email:
PHP Version:		OS:

New Comment:

[2016-10-12 13:53 UTC] d dot negrier at thecodingmachine dot com

Description:
------------
Bug can seen here:

https://3v4l.org/m1HQ3

It affects all versions starting with 7.0.

If I copy the $_SESSION variable in another variable ($sessionCopy) and then I call session_decode, I do not expect $sessionCopy to be impacted by the call to $_SESSION.

Yet, in PHP 7.0+, $sessionCopy is also modified.

Test script:
---------------
<?php

session_start();

// $_SESSION is empty so $oldSession is empty too now.
// I expect copy to be by value, not by reference so anything impacting $_SESSION should not impace $oldSession.
$oldSession = $_SESSION;

session_decode('id|i:1;');

var_dump($_SESSION);
var_dump($oldSession);

Expected result:
----------------
I expect $_SESSION and $oldSession to be different.


Actual result:
--------------
In PHP 7+, $_SESSION and $oldSession are equal.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2016-10-13 13:37 UTC] x dot huberty at thecodingmachine dot Com

Description:
------------
Bug can seen here:

https://3v4l.org/tekjZ

We have the same behaviour when we copy a temp variable ($sessionCopy) in $_SESSION.

[2016-10-13 13:42 UTC] requinix@php.net

-Status: Open +Status: Feedback

[2016-10-13 13:42 UTC] requinix@php.net

This sounds like the same problem as bug #73273. Can you try a build of master to confirm whether @nikic's fix solves this?

[2016-10-14 08:57 UTC] d dot negrier at thecodingmachine dot com

-Status: Feedback +Status: Closed

[2016-10-14 08:57 UTC] d dot negrier at thecodingmachine dot com

Hey Damian,

Just checked with latest master.
I confirm that the problem is indeed solved.

I'm closing this bug.
Thanks @nikic!

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Wed Dec 04 08:01:29 2024 UTC