php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #24144 $_SESSION array is having problem transmitting variables
Submitted: 2003-06-12 04:40 UTC Modified: 2003-06-12 04:56 UTC
From: lehel at bin dot hu Assigned:
Status: Not a bug Package: Session related
PHP Version: 4.3.2 OS: Linux 2.4.8
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: lehel at bin dot hu
New email:
PHP Version: OS:

 

 [2003-06-12 04:40 UTC] lehel at bin dot hu
Description:
------------
This script is for logging in a user on a page.

After the query $_SESSION variables are set according to the values stored in the database, I've checked them by echoing them.
But when checking the same variables in start.php they contain the pre-set values that were set at the beginning of this script.
After going back to the index script, and starting all over the login procedure, the results are as expected.

It seems so that the session engine does not handle multiple value changes in the script where session_start is used at the first time on the page, bcause the usage of session_start on the submitting page solves the problem.

db_Exec and db_Result are simple database wrappers.

Reproduce code:
---------------
	session_start ();
	include_once ("Include/Common.php");

	$_SESSION["UserID"]=-1;
	$_SESSION["lastactive"]=time ()-4000;

	$dbconn=db_Connect ();

	$query=db_Exec ($dbconn,"SELECT * FROM users WHERE username='$_POST[UserName]' AND userpwd='$_POST[UserPwd]';");
	if (db_Num_Rows ($query)==0) {
		nupi_error ("Jelsz?, vagy felhaszn?l?n?v hiba!");
	}
	$row=db_Fetch_Row ($query);
	$_SESSION["UserID"]=$row["user_id"];
	$_SESSION["lastactive"]=time ();

	header ("Location: start.php");


Expected result:
----------------
$_SESSION["UserID"] = 0
$_SESSION["lastactive"] ... actual time

in start.php

Actual result:
--------------
$_SESSION["UserID"] = -1
$_SESSION["lastactive"] ... actual time-4000

in start.php

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-06-12 04:43 UTC] derick@php.net
You're always unconditionally setting the two sessions variables:

        $_SESSION["UserID"]=-1;
        $_SESSION["lastactive"]=time ()-4000;

Sounds like a script error -> bogus
 [2003-06-12 04:56 UTC] lehel at bin dot hu
Processing order
index.php => submitted script => start.php

Why I do not think this to be a script error is because:
If index.php contains a
<?php
	session_start ();
	$_SESSION["UserID"]=-1;
	$_SESSION["lastactive"]=time ()-4000;
?>

at its beginning the problem vanishes, the $_SESSION array in start.php contains the expected values.
But if I move this code into the login script, then everything goes wrong.

I've checked the values in the $_SESSION array before jumping to start.php, and it contained the expected values, but when I removed the checker script, and restarted IE then the checker in start.php showed up with the wrong values.

If I did not close IE but simply started the process all over, the expected values showd up in start.php .

To me it seems, that the usage of the $_SESSION array is having a bug, which omits itself only in the script where the session_start () function is used the first time. In that script the second modification of values in the $_SESSION array somehow is not saved on the server, but if the script starts with an already active session then the modifications are saved.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 13:01:28 2024 UTC