PHP :: Bug #32279 :: _SESSION treated as super global without session

Bug #32279

_SESSION treated as super global without session_start()

Submitted:

2005-03-11 15:54 UTC

Modified:

2005-05-06 02:35 UTC

Votes:	2
Avg. Score:	2.0 ± 1.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	0 (0.0%)

From:

pguilbault at iweb dot ca

Assigned:

Status:

Wont fix

Package:

Session related

PHP Version:

5.0.3

OS:

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	pguilbault at iweb dot ca
New email:
PHP Version:		OS:

New Comment:

[2005-03-11 15:54 UTC] pguilbault at iweb dot ca

Description:
------------
Without using session_start() and setting $_SESSION['test']='hi there'; in a class and echoing thise $_SESSION['test'] outside the class with echo the 'hi there'...

I was told it was a bug...
Althougth I am hoping it is NOT a bug and that I will be able to use that super global for my Session Management class.

So I can use $_SESSION['test'] in my classes instead of $GLOBAS['session_vars']['test']. which is way too long for my test.

Reproduce code:
---------------
class tester()
{
   function __construct()
   {
      $_SESSION['test'] = 'hi there';
   }
}

$test = new tester();
echo $_SESSION['test'];

Expected result:
----------------
hi there

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2005-03-12 14:43 UTC] sniper@php.net

Yes, it's definately a bug. And I wouldn't suggest using $_SESSION like that as we might a) fix this bug b) this won't work if session extension is not enabled..

[2005-03-12 19:23 UTC] tony2001@php.net

Well, personally I don't think it's a bug. 
Other autoglobals are registered in the same time too (i.e. at module init time).

[2005-03-13 00:44 UTC] pollita@php.net

The way ZE is designed, this behavior is pretty darned unlikely to change anytime before PHP7.

HOWEVER:  I would qualify it as an "undocumented feature", as such it is subject to removal without notice.  So use at your own risk.

Plus, as sniper said, if your PHP was compiled with --disable-session then $_SESSION will be unavailable anyway.

To ensure maximum compatability you're best off use $GLOBALS['somevar']['index'] = 'foo';  or   global $somevar;   $somevar['index'] = 'foo';

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Mon Apr 29 18:01:30 2024 UTC