<?php

class MyObj
{
    var $p1;

    function MyObj()
    {
        $this->p1 = "foo";
    }
    function __sleep()
    {
        return array("p1");
    }
    function __wakeup()
    {
        if (!isset($this->p1))
            exit("No bug");

        unset($this->p1);

        header("Location: " . $_SERVER["PHP_SELF"]);
        exit;
    }
}

session_start();

if (!isset($_SESSION["obj"]) || !isset($_SESSION["obj"]->p1)) {
    $_SESSION["obj"] =& new MyObj();
}

var_dump($_SESSION["obj"]);

?>

With the above code, the following "should" happen:
1. Browse to the page, it'll create the object and initialize p1, then var_dump() it.
2. Refresh. Through __wakeup(), p1 should be unset and then it should redirect.
3. (automatically redirected) __wakeup() should then run exit("No bug");

What DOES happen:
In the second page, __wakeup() unsets p1 in a certain instance of the object, but that instance isn't the same as the one in $_SESSION["obj"]. Thus, the ACTUAL session object is not edited, and so we get an infinite redirect.

The problem:
It must be that if __wakeup() doesn't return the session is not updated. That's okay, I can live with that -- but at the very least, that behavior should be documented. On the other hand, as far as I know, it's a bug with PHP.