php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #29626 Variables read from $_SESSION loose their values when using HTTP
Submitted: 2004-08-12 08:26 UTC Modified: 2004-09-06 01:00 UTC
Votes:2
Avg. Score:4.0 ± 1.0
Reproduced:1 of 2 (50.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: proteus at proteusworld dot com Assigned:
Status: No Feedback Package: Session related
PHP Version: Irrelevant OS: Linux (might be Windows too)
Private report: No CVE-ID: None
View Developer Edit
 [2004-08-12 08:26 UTC] proteus at proteusworld dot com 
Description:
------------
I found a strange (to me at least) behaviour with sessions when using HTTPS.

Let's say that $_SESSION["message"] contains "old_message". Take the following code:

$old_message = $_SESSION["message"];
$_SESSION["message"] = "new message";
echo "The message was: ".$old_message;

Now, over HTTP you would get the expected output ("old_message"). But over HTTPS the output will contain "new_message".

You can use session_unregister("message") if you want $old_message to preserve its value, but this means you can't set anymore a new value for $_SESSION["message"].

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-08-29 13:35 UTC] tony2001@php.net 
HTTP & HTTPS are two different sites for your browser, so you're mixing two different sessions here.
Please, supply more readable example - a short reproduce script would definitely help more than a verbose essay.
 [2004-09-06 01:00 UTC] php-bugs at lists dot php dot net 
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Thu Oct 30 12:00:01 2025 UTC