PHP :: Bug #25940 :: $_SESSION has strange behaviour on some OS

Bug #25940	$_SESSION has strange behaviour on some OS
Submitted:	2003-10-21 16:19 UTC	Modified:	2003-10-23 03:06 UTC
From:	Reiner dot Proels at laposte dot net	Assigned:
Status:	Not a bug	Package:	Session related
PHP Version:	4.3.3	OS:	FreeBSD 4.8-RELEASE-p3 #1
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2003-10-21 16:19 UTC] Reiner dot Proels at laposte dot net

Description:
------------
$_SESSION variables are sometimes overwritten on FreeBSD


Reproduce code:
---------------
	session_start();

	print_r($_SESSION);
	
	$kdnr = 1;
	if (isset($_SESSION['kdnr']))
		$kdnr = $_SESSION['kdnr'];
	
	print_r($_SESSION);

the variable $_SESSION['kdnr'] was set in an other script to "123"



Expected result:
----------------
Output under Windows with IIS

Array ( [kdnr] => 123 ) Array ( [kdnr] => 123 ) 

OK.

on the server of my provider there is FreeBSD running
the output looks like this:

Array ( [kdnr] => 123 ) Array ( [kdnr] => 1 ) 

so the $kdnr = 1 line has overwritten the session variable!

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-10-22 01:40 UTC] tony2001@php.net

In PHP 4.2.0, the 'register_globals' setting default changed to
'off'. See http://www.php.net/release_4_2_0.php for more info.
We are sorry about the inconvenience, but this change was a necessary
part of our efforts to make PHP scripting more secure and portable.

Please, read about register_globals in the documentation.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Apr 19 21:01:30 2024 UTC