php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #16890 Session variables lost during page changes
Submitted: 2002-04-28 17:27 UTC Modified: 2002-08-14 14:11 UTC
Votes:12
Avg. Score:4.8 ± 0.4
Reproduced:12 of 12 (100.0%)
Same Version:6 (50.0%)
Same OS:5 (41.7%)
From: phpbug at ski-info-online dot com Assigned:
Status: Closed Package: Session related
PHP Version: 4.2.0 OS: WinXP
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: phpbug at ski-info-online dot com
New email:
PHP Version: OS:

 

 [2002-04-28 17:27 UTC] phpbug at ski-info-online dot com
Hi all, 

Globals are Off! 

I am logging in from a form on one page (sessions.php), sending the data via GET (for test purposes) to another script (setSession.php) which should display the contents of the session vars once set. Then there is a hyperlink to take me back to the sessions.php script where I should be presented with a welcome message as opposed to the original log in form. The problem is that there appears to be great inconsistency with how session vars perform. I have included the test scripts I have been using below for your convenience.

Problem exhibited 
Test Case 1 (see Test Code): 
This is the method recommended for when Globals are On but I ran this test with Globals Off to see if it helped. This results with me not being able to see the session var contents on the page they are created BUT following the link which takes me back to the login Form does result with me being logged in automatically. 

Test Case 2: 
This results with me being able to display the contents of the session vars on the page which created them BUT they appear to get lost when following the link which should auto log me in. 

Test Case 3: 
Results are exactly the same as Test Case 2. 

Note: To simulate a test case, copy the two scripts below and set the $testcase number at the top of each script. 
==============
sessions.php
==============
<?
$testcase = 1;
switch ($testcase){
   case 1:
     session_start();
     break;
   default:
     break;
}
?>
<html>
<head>
</head>
<body>
<?
switch ($testcase) {
    case 1:
      if ($HTTP_SESSION_VARS['username']){
          echo "Welcome ".$HTTP_SESSION_VARS['username'];
      } else {
          echo "Running Test Case $testcase <br />";       
          echo "<form method=\"GET\" action=\"setSession.php\">\n"
          . "User: <input type=\"text\" name=\"user\" value=\"\"><br />\n"
          . "ID: <input type=\"text\" name=\"id\" value=\"\"><br />\n"
          . "<input type=\"submit\" value=\"Set Session\"><br />\n"
          . "</form>\n";
      }
      break;        
    case 2;
      if ($_SESSION['username']){
          echo "Welcome ".$_SESSION['username'];
      } else {
          echo "Running Test Case $testcase <br />";      
          echo "<form method=\"GET\" action=\"setSession.php\">\n"
          . "User: <input type=\"text\" name=\"user\" value=\"\"><br />\n"
          . "ID: <input type=\"text\" name=\"id\" value=\"\"><br />\n"
          . "<input type=\"submit\" value=\"Set Session\"><br />\n"
          . "</form>\n";
      }
      break;    
    case 3:
      if ($HTTP_SESSION_VARS['username']){
          echo "Welcome ".$HTTP_SESSION_VARS['username'];
      } else {
          echo "Running Test Case $testcase <br />";      
          echo "<form method=\"GET\" action=\"setSession.php\">\n"
          . "User: <input type=\"text\" name=\"user\" value=\"\"><br />\n"
          . "ID: <input type=\"text\" name=\"id\" value=\"\"><br />\n"
          . "<input type=\"submit\" value=\"Set Session\"><br />\n"
          . "</form>\n";
      }
      break;        
    default:
      echo "Invalid Test Case Specified";
      exit (1);
}  
?>
</body>
</html>
===============
setSession.php
===============
<?
$testcase = 1;
switch ($testcase){
   case 1:
     session_start();
     break;
   default:
     break;
}
?>
<html>
<head>
</head>
<body>
<?
  $testcase = 3;
  switch ($testcase){
      case 1:
        if ($_GET['user']){
            //Globals On - test case 1
            $username = $HTTP_GET_VARS['user'];
            $userid = $HTTP_GET_VARS['id'];
            session_register('username');
            session_register('userid');            
        }
        break;
      case 2:
        if ($_GET['user']){            
            //Globals Off with $_SESSION[] - test case 2
            $_SESSION['username'] = $HTTP_GET_VARS['user'];
            $_SESSION['userid'] = $HTTP_GET_VARS['id'];            
        }
        break;
      case 3:
        if ($_GET['user']){            
            //Globals Off with $HTTP_SESSION_VARS[] - test case 3
            $HTTP_SESSION_VARS['username'] = $HTTP_GET_VARS['user'];
            $HTTP_SESSION_VARS['userid'] = $HTTP_GET_VARS['id'];
        }
        break;
      default:
        echo "Invalid test case specified";
        exit (1);        
  }
       
  echo "Running Test Case $testcase <br />";
  echo "<hr>";        
?>
Session Vars are set to:<br />
<?  
  switch ($testcase){
      case 1:        
        echo "User = ".$HTTP_SESSION_VARS['username']."<br />";
        echo "Userid = ".$HTTP_SESSION_VARS['userid']."<br />";
        break;
      case 2:        
        echo "User = ".$_SESSION['username']."<br />";
        echo "Userid = ".$_SESSION['userid']."<br />";
        break;
      case 3:        
        echo "User = ".$HTTP_SESSION_VARS['username']."<br />";
        echo "Userid = ".$HTTP_SESSION_VARS['userid']."<br />";
        break;
      default:
        echo "Invalid Test Case Specified";
        exit(1);
  }  
?>
<hr>
<a href="sessions.php">Click here to test your session vars</a>
</body>
</html>

Thanks

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-04-28 19:40 UTC] sniper@php.net
If you want to use sessions, you need to ALWAYS have
session_start() before trying to access $_SESSION[]
(or $HTTP_SESSION_VARS[] )

--Jani

 [2002-04-29 02:56 UTC] phpdub at ski-info-online dot com
Oops, yep I agree. The test script has a remnant from some "clutching at straws" testing. Apologies. 

Rest assured though that the problem is there even if you remove the first switch and call session_start() for all cases.
 [2002-07-16 23:57 UTC] sniper@php.net
Try this snapshot:

http://snaps.php.net/win32/php4-win32-STABLE-latest.zip

And remember to replace ALL the existing php related
files with the ones found in this package!

 [2002-08-14 14:10 UTC] phpbug at ski-info-online dot com
Well, since posting this I have upgraded some time ago to 4.2.1, the problem did not repeat itself in that version and I have session vars working fine now.
 [2002-08-14 14:11 UTC] kalowsky@php.net
As stated by user.
 
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Thu Feb 09 06:05:49 2023 UTC