|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #13236 References in session are not restored and may crash PHP
Submitted: 2001-09-10 13:01 UTC Modified: 2005-09-02 07:35 UTC
Avg. Score:5.0 ± 0.0
Reproduced:8 of 8 (100.0%)
Same Version:3 (37.5%)
Same OS:3 (37.5%)
From: cwalstad at unitechprepress dot com Assigned:
Status: Closed Package: Session related
PHP Version: 4.0.0 OS: *
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: cwalstad at unitechprepress dot com
New email:
PHP Version: OS:


 [2001-09-10 13:01 UTC] cwalstad at unitechprepress dot com
If you use session_register on an object that contains references to other objects, that each contain a reference to the first object, these objects will not be restored correctly.

This is a huge limitation in PHP!!!


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2001-10-23 14:05 UTC]
========== ==========
The references the currently open Bug id #13236.  I have confirmed this bug.

I tried to add my comments to that bug, but apparently only the creator of the bug can do

I don't have time to look at the PHP source code, but generally the way serialization of
objects is done (taken from C++ foundation classes I've worked with) is on write build a
hash table of object pointers/addresses as key, and a unique id (auto increment) as value.
 Write the id and class on first instance, and then serialize only the id on subsequent
references to same object.

Then on read serialization (unserialization), build the same hash table with the key and
value reversed roles, i.e. the key is the id, and the value is the pointer to the

AFAIK, this method will support cyclical references.  From the number of bugs I've seen
reported about storing objects and/or references in sessions, I am guessing that PHP is
not using this general algorithm.

I've seen other object and/or referenence bugs in sessions in past releases of PHP
(starting with PHP4.0.3pl1), and haven't had time to go back and test to see what has been
fixed, what has been broken, and what has not been fixed.  It gets quite confusing and
arduous to track.

I add this suggestion here if it may be of assistance, as a general way to kill all these
bugs.  I'd really like to see the serialization of objects and references work correctly
in a general way, as it is a very powerful tool, vs. using other bandaids such long
if-else constructs or redundant arrays to achieve the equivalent of persistant object

Please take my input constructively.
 [2001-12-19 22:26 UTC]
May be we should change Status to 
or change Type to
Feature request?

 [2002-01-06 20:21 UTC]
This may not be fixed. Even if it is fixed, it will not be done in near future.
 [2002-04-24 19:27 UTC]
Crashing is no good. We need to check and get rid of references when session data is unserialized. 

 [2005-09-02 07:35 UTC]
Seems to be fixed now partially. In general: Don't use references with sessions.

PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Wed Jul 24 00:01:29 2024 UTC