php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #13236 References in session are not restored and may crash PHP
Submitted: 2001-09-10 13:01 UTC Modified: 2005-09-02 07:35 UTC
Votes:8
Avg. Score:5.0 ± 0.0
Reproduced:8 of 8 (100.0%)
Same Version:3 (37.5%)
Same OS:3 (37.5%)
From: cwalstad at unitechprepress dot com Assigned:
Status: Closed Package: Session related
PHP Version: 4.0.0 OS: *
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: cwalstad at unitechprepress dot com
New email:
PHP Version: OS:

 

 [2001-09-10 13:01 UTC] cwalstad at unitechprepress dot com
If you use session_register on an object that contains references to other objects, that each contain a reference to the first object, these objects will not be restored correctly.

This is a huge limitation in PHP!!!

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-10-23 14:05 UTC] sander@php.net
========== shelby@DownloadFAST.com ==========
The references the currently open Bug id #13236.  I have confirmed this bug.

I tried to add my comments to that bug, but apparently only the creator of the bug can do
that.

I don't have time to look at the PHP source code, but generally the way serialization of
objects is done (taken from C++ foundation classes I've worked with) is on write build a
hash table of object pointers/addresses as key, and a unique id (auto increment) as value.
 Write the id and class on first instance, and then serialize only the id on subsequent
references to same object.

Then on read serialization (unserialization), build the same hash table with the key and
value reversed roles, i.e. the key is the id, and the value is the pointer to the
object.

AFAIK, this method will support cyclical references.  From the number of bugs I've seen
reported about storing objects and/or references in sessions, I am guessing that PHP is
not using this general algorithm.

I've seen other object and/or referenence bugs in sessions in past releases of PHP
(starting with PHP4.0.3pl1), and haven't had time to go back and test to see what has been
fixed, what has been broken, and what has not been fixed.  It gets quite confusing and
arduous to track.

I add this suggestion here if it may be of assistance, as a general way to kill all these
bugs.  I'd really like to see the serialization of objects and references work correctly
in a general way, as it is a very powerful tool, vs. using other bandaids such long
if-else constructs or redundant arrays to achieve the equivalent of persistant object
references.

Please take my input constructively.
=============================================
 [2001-12-19 22:26 UTC] yohgaki@php.net
May be we should change Status to 
Suspended 
or change Type to
Feature request?

--
Yasuo
 [2002-01-06 20:21 UTC] yohgaki@php.net
This may not be fixed. Even if it is fixed, it will not be done in near future.
 [2002-04-24 19:27 UTC] yohgaki@php.net
Crashing is no good. We need to check and get rid of references when session data is unserialized. 

 [2005-09-02 07:35 UTC] sniper@php.net
Seems to be fixed now partially. In general: Don't use references with sessions.

 
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Fri Jun 09 19:03:38 2023 UTC