php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #16890 Session variables lost during page changes
Submitted: 2002-04-28 17:27 UTC Modified: 2002-08-14 14:11 UTC
Votes:12
Avg. Score:4.8 ± 0.4
Reproduced:12 of 12 (100.0%)
Same Version:6 (50.0%)
Same OS:5 (41.7%)
From: phpbug at ski-info-online dot com Assigned:
Status: Closed Package: Session related
PHP Version: 4.2.0 OS: WinXP
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem:
45 - 6 = ?
Subscribe to this entry?

 
 [2002-04-28 17:27 UTC] phpbug at ski-info-online dot com 
Hi all, 

Globals are Off! 

I am logging in from a form on one page (sessions.php), sending the data via GET (for test purposes) to another script (setSession.php) which should display the contents of the session vars once set. Then there is a hyperlink to take me back to the sessions.php script where I should be presented with a welcome message as opposed to the original log in form. The problem is that there appears to be great inconsistency with how session vars perform. I have included the test scripts I have been using below for your convenience.

Problem exhibited 
Test Case 1 (see Test Code): 
This is the method recommended for when Globals are On but I ran this test with Globals Off to see if it helped. This results with me not being able to see the session var contents on the page they are created BUT following the link which takes me back to the login Form does result with me being logged in automatically. 

Test Case 2: 
This results with me being able to display the contents of the session vars on the page which created them BUT they appear to get lost when following the link which should auto log me in. 

Test Case 3: 
Results are exactly the same as Test Case 2. 

Note: To simulate a test case, copy the two scripts below and set the $testcase number at the top of each script. 
==============
sessions.php
==============
<?
$testcase = 1;
switch ($testcase){
   case 1:
     session_start();
     break;
   default:
     break;
}
?>
<html>
<head>
</head>
<body>
<?
switch ($testcase) {
    case 1:
      if ($HTTP_SESSION_VARS['username']){
          echo "Welcome ".$HTTP_SESSION_VARS['username'];
      } else {
          echo "Running Test Case $testcase <br />";       
          echo "<form method=\"GET\" action=\"setSession.php\">\n"
          . "User: <input type=\"text\" name=\"user\" value=\"\"><br />\n"
          . "ID: <input type=\"text\" name=\"id\" value=\"\"><br />\n"
          . "<input type=\"submit\" value=\"Set Session\"><br />\n"
          . "</form>\n";
      }
      break;        
    case 2;
      if ($_SESSION['username']){
          echo "Welcome ".$_SESSION['username'];
      } else {
          echo "Running Test Case $testcase <br />";      
          echo "<form method=\"GET\" action=\"setSession.php\">\n"
          . "User: <input type=\"text\" name=\"user\" value=\"\"><br />\n"
          . "ID: <input type=\"text\" name=\"id\" value=\"\"><br />\n"
          . "<input type=\"submit\" value=\"Set Session\"><br />\n"
          . "</form>\n";
      }
      break;    
    case 3:
      if ($HTTP_SESSION_VARS['username']){
          echo "Welcome ".$HTTP_SESSION_VARS['username'];
      } else {
          echo "Running Test Case $testcase <br />";      
          echo "<form method=\"GET\" action=\"setSession.php\">\n"
          . "User: <input type=\"text\" name=\"user\" value=\"\"><br />\n"
          . "ID: <input type=\"text\" name=\"id\" value=\"\"><br />\n"
          . "<input type=\"submit\" value=\"Set Session\"><br />\n"
          . "</form>\n";
      }
      break;        
    default:
      echo "Invalid Test Case Specified";
      exit (1);
}  
?>
</body>
</html>
===============
setSession.php
===============
<?
$testcase = 1;
switch ($testcase){
   case 1:
     session_start();
     break;
   default:
     break;
}
?>
<html>
<head>
</head>
<body>
<?
  $testcase = 3;
  switch ($testcase){
      case 1:
        if ($_GET['user']){
            //Globals On - test case 1
            $username = $HTTP_GET_VARS['user'];
            $userid = $HTTP_GET_VARS['id'];
            session_register('username');
            session_register('userid');            
        }
        break;
      case 2:
        if ($_GET['user']){            
            //Globals Off with $_SESSION[] - test case 2
            $_SESSION['username'] = $HTTP_GET_VARS['user'];
            $_SESSION['userid'] = $HTTP_GET_VARS['id'];            
        }
        break;
      case 3:
        if ($_GET['user']){            
            //Globals Off with $HTTP_SESSION_VARS[] - test case 3
            $HTTP_SESSION_VARS['username'] = $HTTP_GET_VARS['user'];
            $HTTP_SESSION_VARS['userid'] = $HTTP_GET_VARS['id'];
        }
        break;
      default:
        echo "Invalid test case specified";
        exit (1);        
  }
       
  echo "Running Test Case $testcase <br />";
  echo "<hr>";        
?>
Session Vars are set to:<br />
<?  
  switch ($testcase){
      case 1:        
        echo "User = ".$HTTP_SESSION_VARS['username']."<br />";
        echo "Userid = ".$HTTP_SESSION_VARS['userid']."<br />";
        break;
      case 2:        
        echo "User = ".$_SESSION['username']."<br />";
        echo "Userid = ".$_SESSION['userid']."<br />";
        break;
      case 3:        
        echo "User = ".$HTTP_SESSION_VARS['username']."<br />";
        echo "Userid = ".$HTTP_SESSION_VARS['userid']."<br />";
        break;
      default:
        echo "Invalid Test Case Specified";
        exit(1);
  }  
?>
<hr>
<a href="sessions.php">Click here to test your session vars</a>
</body>
</html>

Thanks

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-04-28 19:40 UTC] sniper@php.net 
If you want to use sessions, you need to ALWAYS have
session_start() before trying to access $_SESSION[]
(or $HTTP_SESSION_VARS[] )

--Jani
 [2002-04-29 02:56 UTC] phpdub at ski-info-online dot com 
Oops, yep I agree. The test script has a remnant from some "clutching at straws" testing. Apologies. 

Rest assured though that the problem is there even if you remove the first switch and call session_start() for all cases.
 [2002-07-16 23:57 UTC] sniper@php.net 
Try this snapshot:

http://snaps.php.net/win32/php4-win32-STABLE-latest.zip

And remember to replace ALL the existing php related
files with the ones found in this package!
 [2002-08-14 14:10 UTC] phpbug at ski-info-online dot com 
Well, since posting this I have upgraded some time ago to 4.2.1, the problem did not repeat itself in that version and I have session vars working fine now.
 [2002-08-14 14:11 UTC] kalowsky@php.net 
As stated by user.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 19 17:01:30 2024 UTC