php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #20709 Session variable getting mysteriously set
Submitted: 2002-11-28 20:50 UTC Modified: 2002-12-08 10:19 UTC
Votes:8
Avg. Score:4.4 ± 1.3
Reproduced:7 of 8 (87.5%)
Same Version:1 (14.3%)
Same OS:2 (28.6%)
From: DChri36990 at aol dot com Assigned:
Status: No Feedback Package: Class/Object related
PHP Version: 4.2.3 OS: Windows 2000
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: DChri36990 at aol dot com
New email:
PHP Version: OS:

 

 [2002-11-28 20:50 UTC] DChri36990 at aol dot com
When my code does the following in sequence:

1) $_SESSION['League'] = 1; /* or any other number */

2) unset($_SESSION['League']);

3) $League = new AnyObject(...);

The variable $_SESSION['League'] gets set to the contents of "AnyObject".

This doesn't occur if the Session variable had never been set/unset, nor does it occur when the Session variable has an existing value in it when statement (3) occurs.
Addtionally, this assignment doesn't occur immediately at the time that statement (3) is executed.  It is somehow delayed until after the script completes.  It's only when I go on to execute another script when I encounter the "mystery" assignment.

I haven't tried this with names other than 'League', but common sense suggests this is likely a generic problem independant of the specific name I happened to use.

FYI, I'm running Apache version 1.3, the latest stable release for Windows. My PHP configuration is generic, with the exception of including the module(s) required to do XML/XSLT transforms.


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-11-28 22:09 UTC] iliaa@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php4-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-latest.zip

This is something that I believe was fixed in 4.3.0, please try the RC2 and report if the problem persists. Also, is you register_globals on?
 [2002-12-08 10:19 UTC] sniper@php.net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.


 [2006-11-21 01:33 UTC] dpegasusm at gmail dot com
i had a similar problem occur in PHP 4.4.4 where i called a variable called $_SESSION['userID'] which had been previously set to the user's ID number. later on in the script i set $userID to a value and it would also set the session variable. strangely this mysterious resetting only happened for one particular instance of setting $userID to a new value. all other times it was reset it didn't affect the session variable. i tried moving the entire site onto a second server to see what happens and it worked fine there. both servers had the exact same configuration. and were running Linux with Apache 1.3.37.
 [2008-03-05 16:40 UTC] tozetre at gmail dot com
This just happened to me; a script checked for the existence of $_SESSION['optarr'], and filled data if it was set. The script didn't set the session variable, didn't assign anything to it, and the only place that $_SESSION['optarr'] appeared were in lines that checked if it was set- and I made sure there weren't any accidental assignments during evaluation. However, when I refreshed the page after loading it once, $_SESSION['optarr'] got filled with a bunch of data.

What I found was that I was setting $optarr in the script, which contained exactly the same information I was getting in $_SESSION['optarr'] on the reload. So, basically, the first time the script ran it looked for (and, presumably in the process, initialized) $_SESSION['optarr'], then built $optarr, which leaked over into $_SESSION['optarr'], so the second time I ran it, it found $_SESSION['optarr'] full of the data from $optarr. Renaming $optarr to $foooptarr eliminated the problem.

Running
PHP 5.2.4-pl2-gentoo on Apache 2.2.4-r12 on Linux 2.6.18-gentoo-r7 x86_64
 [2008-09-09 21:10 UTC] matt_00001 at hotmail dot com
It looks like this is an old bug report but Ive just run into it again so I don't think that its been fixed.

Iam using Apache2.2.4 and PHP5.2.2 on a ubuntu system.

What happens is that:

1) $_SESSION['userID'] is set to 1 in another script

2) When the script in question loads the $_SESSION['userID'] variable is set correctly and "echo $_SESSION['userID'];" outputs 1.

3) I assigned the variable $userID a value "$userID = 3;". 

4) Now "echo $_SESSION['userID'];" outputs 3


Its possible that Iam doing something wrong here, but Ive checked and I never change any $_SESSION variables in the script in question.  It looks like a legitimate bug to me.
 [2008-09-09 21:55 UTC] matt_00001 at hotmail dot com
It seems that it was my fault rather then a bug.  I had register_globals on which apparently causes $userID to be a references to $_SESSION['userID'] when a session variable of that name exists.

My previous comment can be removed.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 14 04:01:26 2024 UTC