php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #32279 _SESSION treated as super global without session_start()
Submitted: 2005-03-11 15:54 UTC Modified: 2005-05-06 02:35 UTC
Votes:2
Avg. Score:2.0 ± 1.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: pguilbault at iweb dot ca Assigned:
Status: Wont fix Package: Session related
PHP Version: 5.0.3 OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Have you experienced this issue?
Rate the importance of this bug to you:

 [2005-03-11 15:54 UTC] pguilbault at iweb dot ca 
Description:
------------
Without using session_start() and setting $_SESSION['test']='hi there'; in a class and echoing thise $_SESSION['test'] outside the class with echo the 'hi there'...

I was told it was a bug...
Althougth I am hoping it is NOT a bug and that I will be able to use that super global for my Session Management class.

So I can use $_SESSION['test'] in my classes instead of $GLOBAS['session_vars']['test']. which is way too long for my test.

Reproduce code:
---------------
class tester()
{
   function __construct()
   {
      $_SESSION['test'] = 'hi there';
   }
}

$test = new tester();
echo $_SESSION['test'];

Expected result:
----------------
hi there

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-03-12 14:43 UTC] sniper@php.net 
Yes, it's definately a bug. And I wouldn't suggest using $_SESSION like that as we might a) fix this bug b) this won't work if session extension is not enabled..
 [2005-03-12 19:23 UTC] tony2001@php.net 
Well, personally I don't think it's a bug. 
Other autoglobals are registered in the same time too (i.e. at module init time).
 [2005-03-13 00:44 UTC] pollita@php.net 
The way ZE is designed, this behavior is pretty darned unlikely to change anytime before PHP7.

HOWEVER:  I would qualify it as an "undocumented feature", as such it is subject to removal without notice.  So use at your own risk.

Plus, as sniper said, if your PHP was compiled with --disable-session then $_SESSION will be unavailable anyway.

To ensure maximum compatability you're best off use $GLOBALS['somevar']['index'] = 'foo';  or   global $somevar;   $somevar['index'] = 'foo';
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Tue Apr 16 11:01:29 2024 UTC