php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #22389 $_POST vars overwrites $_SESSION vars, if register_globals=on
Submitted: 2003-02-24 04:03 UTC Modified: 2003-02-24 04:07 UTC
From: ng4rrjanbiah at rediffmail dot com Assigned:
Status: Not a bug Package: Session related
PHP Version: 4.3.0 OS: Linux
Private report: No CVE-ID: None
 [2003-02-24 04:03 UTC] ng4rrjanbiah at rediffmail dot com
For me,
register_globals = on;

$_SESSION['foo'] = 'xxx';

...Then form operations that post few data including
$_POST['foo']='yyy'

...Now the value of $_SESSION['foo'] is set to 'yyy'

My server's PHP version is 4.3.0...The above bug is really a big problem for me...I've developed a part of the module for our big project...I've developed with the idea of register_globals=off, but other people develped with the idea of register_globals=on...And in the server, they've put it with register_globals=on... and I've started experiencing the above problem...

It worked fine on my local system (PHP4.2.3) with register_globals=off.
As, the module is related to login & session, it is a very big problem for me. Any workaround?

-R. Rajesh Jeba Anbiah

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-02-24 04:07 UTC] sniper@php.net
Yes, don't use register_globals=On. Doing $_SESSION['foo'] is basically same as doing session_register('foo'); and when register_globals=On, $foo in global context will be same as in $_SESSION['foo']. Not a bug.

 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Mar 29 01:01:28 2024 UTC