php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #18559 Session variables not stored when register_globals is off
Submitted: 2002-07-25 03:59 UTC Modified: 2002-09-11 11:05 UTC
Votes:4
Avg. Score:5.0 ± 0.0
Reproduced:3 of 4 (75.0%)
Same Version:2 (66.7%)
Same OS:1 (33.3%)
From: jensen at byu dot edu Assigned:
Status: Closed Package: Session related
PHP Version: 4.2.2 OS: Windows 2000
Private report: No CVE-ID: None
 [2002-07-25 03:59 UTC] jensen at byu dot edu
I discovered this earlier today, and then while reading through the user comments under "Session handling functions" looking for a solution, I discovered I wasn't the only one with the same problem.

Here it is:
When register_globals is off (as it should be), under Win2K, Apache 1.3.26, PHP 4.2.2, I cannot for the life of me get session variables to work as they should. I've read the documentation thoroughly, and can't find a solution. Here's some sample code (which incidentally runs perfectly fine on my other web server - Linux, Apache 1.3.26, PHP 4.2.1)

--- page1.php -----------------------
<?

session_start();

$_SESSION['sess_var'] = "Hello World!";

echo "The content of session variable is ";
echo $_SESSION['sess_var'];

?>
<a href = "page2.php">Next page</a>
-------------------------------------

This file outputs correctly what is expected. But next file does not...

--- page2.php -----------------------
<?

session_start();

if (isset($_SESSION['sess_var']))
   {
   $sess_var = $_SESSION['sess_var'];
   echo "The content of \$sess_var is $sess_var";
   }
else
   echo "The session variable does not exist!
";

?>

So is this a bug specific to PHP 4.2.2? Or only Win 2K? Any help would be greatly appreciated.

Incidentally, ever since I upgraded from 4.2.0, IE won't display several of my PHP scripts, while Netscape and Opera will... Hmmm. All I get is an "Internal Server Error" message... Any suggestions would be great.

-Jon

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-07-25 11:58 UTC] max at ahston dot se
I have also noticed several webapplications based on PHP to stop working. 

For example does SquirrelMail not work after changing to Apache 1.3.26+php4.2.2.. 

But going back to Apache 1.3.26+php4.2.1 there is no problem.

I haven't looked deep into the problem, but as the first user reported it seems to be session based.

For example there is calender application where you jump back and forth between different months. When running 4.2.2 it doesn't change month but show the same whatever you do..

Running Redhat with Linux 2.4.18-5smp
 [2002-07-25 11:59 UTC] max at ahston dot se
I have also noticed several webapplications based on PHP to stop working. 

For example does SquirrelMail not work after changing to Apache 1.3.26+php4.2.2.. 

But going back to Apache 1.3.26+php4.2.1 there is no problem.

I haven't looked deep into the problem, but as the first user reported it seems to be session based.

For example there is calender application where you jump back and forth between different months. When running 4.2.2 it doesn't change month but show the same whatever you do..

Running Redhat with Linux 2.4.18-5smp
 [2002-07-25 14:39 UTC] max at ahston dot se
Strange.

I added "php_flag register_globals on" in the .htaccess file for the programs that had the problems in 4.2.2 and squrrielmail worked again. Squrrielmail depends on this to be "on", and a major change in 4.2.0 was that this was turned off. Eventough it doesn't seem to have come to an effect before 4.2.2 now was released.
 [2002-07-26 01:52 UTC] rverlander@php.net
In PHP 4.2.0, the 'register_globals' setting default changed to
be off. See http://www.php.net/release_4_2_0.php for more info.
We are sorry about the inconvenience, but this change was a necessary
part of our efforts to make PHP scripting more secure and portable.


 [2002-07-26 03:13 UTC] jensen at byu dot edu
rverlander@php.net:

Thank you, but I don't think you understood the question. I am aware that as of PHP 4.2.0 register_globals is off. The problem therein is this: According to the documentation, you should still be able to use session variables in the following manner:

$_SESSION['myvar'] = "something";

or if you prefer:

$HTTP_SESSION_VARS['myvar'] = "something";

In fact, the documentation states:

"If track_vars is enabled and register_globals is disabled, only members of the global associative array $HTTP_SESSION_VARS can be registered as session variables. The restored session variables will only be available in the array $HTTP_SESSION_VARS."

Well, that makes sense, but it sure doesn't work when I use it under PHP 4.2.2 / Apache 1.3.26 / Win2K, as illustrated in the original example. Maybe I'm just not getting something, in which case I apologize and would greatly appreciate an explanation - but only after having thoroughly examined the problem ;)

Thanks again.
 [2002-07-31 00:25 UTC] gharding at oktobor dot com
I'm having session problems all around with win2k+apache1.3.x and php4.0.6 and 4.2.2 - session handling worked fine for about 2 hrs, then just stopped. I've read lots of the session handling bugs for win2k etc. and they all have the same symtom, just stopping working and reboots and reinstalls don't fix the problem.

I can't get a session to start and even exist on the next page now, whereas yesterday it worked perfectly. I've rebooted, reinstalled, read the bug reports, etc... but nothing is making it work again.

Like many others, I can start a session and access the variables (only outside function calls) on the same page, but the session disappears on the next page. $HTTP_SESSION_VARS reports as length 0 in functions on the same page as the session is started... I've checked the temp session files (they store the variables ok) and the cookies from the browser with the session id - both fine.

I'll keep on trying lotsa things out but I hope there's a solution out there or one coming soon. 

Cheers!

// Greg
 [2002-09-11 11:05 UTC] jensen at byu dot edu
Okay, PHP Version 4.2.3 seems to fix the problem, although they don't address it in the documentation. Weird. But since I upgraded today, it's been working fine... only time will tell.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Nov 23 07:01:29 2024 UTC