php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #8315 strange session behavior with register_globals off
Submitted: 2000-12-18 13:02 UTC Modified: 2001-05-02 06:27 UTC
From: cynic at mail dot cz Assigned:
Status: Not a bug Package: Session related
PHP Version: 4.0 Latest CVS (18/12/2000) OS: NT 5 SP 1
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: cynic at mail dot cz
New email:
PHP Version: OS:

 

 [2000-12-18 13:02 UTC] cynic at mail dot cz 
Apache 1.3.14 through apache-1.3_20001218111201
PHP snapshots since about two weeks ago through php-4.0.4RC6
stock php.ini-optiomized (with the exception of error_reporting E_ALL)

Actually I cannot confirm this bug with latest CVS, because it won't build, but this has been valid for apachephp4.dll for about two weeks. 

This issue can be stripped down to: it seems that with register_globals off, variables registered in a session become members of $HTTP_SESSION_VARS on the NEXT request, and when unregistered, get re-registered on the next request. The latter looks like an outstanding bug.

The (lack of) presence of the error_reporting() calls in the beginning of all the files has no effect on the issue.

Also, notice that when register_globals is on, session_is_registered() returns true, the global variable has it's value and is subsequently recreated on the next request, however, on the request where the session is started, $HTTP_SESSION_VARS is empty. With register_globals off, it already contains the variable when I traverse the array. (with the following bump: the increment call in the following block:
$count = 0 ;
session_register( 'count' ) ;
$HTTP_SESSION_VARS['count']++ ;

results in "undefined index" warning...)

Seems like session support should be tagged 'experimental' on win32 Apache... Which is a pitty, as this httpd represents the shortest and most straightforward way from win32 dev machines to most unix servers...



register_globals on

=======================================================
test1.php
=======================================================
error_reporting( E_ALL ) ;
session_start() ;
$count = 0 ;
session_register( 'count' ) ;
$count++ ;

echo session_is_registered('count') ? 'yes' : 'no' ;
echo $count ;

foreach( $HTTP_SESSION_VARS as $k => $v ) {
	echo "$k     :      $v\n" ;
} ; 

echo '<a href="/test2.php">test2.php</a>'
=======================================================
relevant output:
=======================================================
yes
1

=======================================================
test2.php
=======================================================
error_reporting( E_ALL ) ;
session_start() ;
session_unregister( 'count' ) ;
$count++ ;

echo session_is_registered('count') ? 'yes' : 'no' ;
echo $count ;

foreach( $HTTP_SESSION_VARS as $k => $v ) {
	echo "$k     :      $v\n" ;
} ; 

echo '<a href="/test3.php">test3.php</a>' ;
=======================================================
relevant output:
=======================================================
no
2
count     :      1

test3.php
=======================================================
error_reporting( E_ALL ) ;
session_start() ;

echo session_is_registered('count') ? 'yes' : 'no' ;
echo $count ;

foreach( $HTTP_SESSION_VARS as $k => $v ) {
	echo "$k     :      $v\n" ;
} ; 

echo '<a href="test1.php">test1.php</a>' ;
=======================================================
relevant output:
=======================================================
no

Warning:  Undefined variable:  count ...


register_globals off

=======================================================
test1.php
=======================================================
error_reporting( E_ALL ) ;
session_start() ;
$count = 0 ;
session_register( 'count' ) ;
$HTTP_SESSION_VARS['count']++ ;

echo session_is_registered('count') ? 'yes' : 'no' ;
echo $HTTP_SESSION_VARS['count'] ;

foreach( $HTTP_SESSION_VARS as $k => $v ) {
	echo "$k     :      $v\n" ;
} ; 

echo '<a href="/test2.php">test2.php</a>'
=======================================================
relevant output:
=======================================================
Warning:  Undefined index:  count ...
yes
1
count     :      1

=======================================================
test2.php
=======================================================
error_reporting( E_ALL ) ;
session_start() ;
session_unregister( 'count' ) ;
$HTTP_SESSION_VARS['count']++ ;

echo session_is_registered('count') ? 'yes' : 'no' ;
echo $HTTP_SESSION_VARS['count'] ;

foreach( $HTTP_SESSION_VARS as $k => $v ) {
	echo "$k     :      $v\n" ;
} ; 

echo '<a href="/test3.php">test3.php</a>' ;
=======================================================
relevant output:
=======================================================
no
2
count     :      2

test3.php
=======================================================
error_reporting( E_ALL ) ;
session_start() ;

echo session_is_registered('count') ? 'yes' : 'no' ;
echo $HTTP_SESSION_VARS['count'] ;

foreach( $HTTP_SESSION_VARS as $k => $v ) {
	echo "$k     :      $v\n" ;
} ; 

echo '<a href="test1.php">test1.php</a>' ;
=======================================================
relevant output:
=======================================================
yes
2
count     :      2

Patches

Pull Requests
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sun Dec 22 11:01:30 2024 UTC