|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #32261 Session variable changes into reference
Submitted: 2005-03-10 11:58 UTC Modified: 2005-06-20 11:04 UTC
From: takayana at egate1 dot com Assigned: derick (profile)
Status: Closed Package: Session related
PHP Version: 4CVS-2005-03-23 OS: *
Private report: No CVE-ID: None
 [2005-03-10 11:58 UTC] takayana at egate1 dot com
By a Session variable   Operation by PHP4.3.10 carries out different operation from a low-ranking version.

When the following 6 files are created and test_web1.php is performed, in the case of a low rank version (for example,  PHP4.3.9)
$_SESSION '[data]'   Arrangement   id value   31, 1, 2, 3, 4, and 5 ... Although set to 20, in the case of PHP4.3.10, it is.   31, 1, 2, 3, 3, and 5 ... It will be set to 20.

Reproduce code:


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2005-03-23 01:29 UTC]
Here's the shortest possible example script I came up with,
which does exactly same as your multiple scripts plus
shows what really happens:


class data {var $f;}
$phase = isset($_GET['phase']) ? $_GET['phase'] : 1;

switch ($phase) {
case 1:
  $_SESSION['foo'][0] = new data;
  $_SESSION['foo'][0]->f = 1;
  $_SESSION['foo'][1] = new data;
  $_SESSION['foo'][1]->f = 2;
  header("Location: test_web.php?phase=2");

case 2:
  $_SESSION['bar'] = new data;
  $_SESSION['bar']->f = 3;
  header("Location: test_web.php?phase=3");

case 3:
  $_SESSION['foo'][0] = $_SESSION['bar'];  // Here be bug
  header("Location: test_web.php?phase=4");

case 4:
  $_SESSION['bar'] = 'foo';
  header("Location: test_web.php?phase=5");

case 5:
  echo '<pre>';
  echo '</pre>';


Output is this:

array(2) {
  array(2) {
    &string(3) "foo"
    object(data)(1) {
  &string(3) "foo"

Result: ['bar'] became a reference to ['foo'][0]
(Does NOT happen when using arrays instead of object)

 [2005-03-24 07:46 UTC]
Seems also to be fixed in HEAD (PHP 5.1.0-dev)

 [2005-03-24 08:08 UTC] takayana at egate1 dot com
If it can do   With PHP4.X   I would like 
you to carry out fix.
 [2005-03-24 21:49 UTC]
bug #24485 seems to be same issue as this.

 [2005-03-25 02:40 UTC] takayana at egate1 dot com
In my long code   Result at the time of performing 
by PHP4.3.9   The normal value outputted 
and I thought that it was the problem of PHP4.3.10.
It seems that it is the same when the code 
of bug #24485 is seen.
Are they things even if it becomes easier 
to find a bug in PHP4.3.10?
 [2005-05-10 15:24 UTC]
Assigning to Derick (another reference thing..)

 [2005-06-20 10:58 UTC] takayana at egate1 dot com
It is fixed.
Thank you.
 [2005-06-20 11:04 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Sat Aug 13 21:05:45 2022 UTC