php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #32279 _SESSION treated as super global without session_start()
Submitted: 2005-03-11 15:54 UTC Modified: 2005-05-06 02:35 UTC
Votes:2
Avg. Score:2.0 ± 1.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: pguilbault at iweb dot ca Assigned:
Status: Wont fix Package: Session related
PHP Version: 5.0.3 OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please — but make sure to vote on the bug!
Your email address:
MUST BE VALID
Solve the problem:
10 - 6 = ?
Subscribe to this entry?

 
 [2005-03-11 15:54 UTC] pguilbault at iweb dot ca 
Description:
------------
Without using session_start() and setting $_SESSION['test']='hi there'; in a class and echoing thise $_SESSION['test'] outside the class with echo the 'hi there'...

I was told it was a bug...
Althougth I am hoping it is NOT a bug and that I will be able to use that super global for my Session Management class.

So I can use $_SESSION['test'] in my classes instead of $GLOBAS['session_vars']['test']. which is way too long for my test.

Reproduce code:
---------------
class tester()
{
   function __construct()
   {
      $_SESSION['test'] = 'hi there';
   }
}

$test = new tester();
echo $_SESSION['test'];

Expected result:
----------------
hi there

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-03-12 14:43 UTC] sniper@php.net 
Yes, it's definately a bug. And I wouldn't suggest using $_SESSION like that as we might a) fix this bug b) this won't work if session extension is not enabled..
 [2005-03-12 19:23 UTC] tony2001@php.net 
Well, personally I don't think it's a bug. 
Other autoglobals are registered in the same time too (i.e. at module init time).
 [2005-03-13 00:44 UTC] pollita@php.net 
The way ZE is designed, this behavior is pretty darned unlikely to change anytime before PHP7.

HOWEVER:  I would qualify it as an "undocumented feature", as such it is subject to removal without notice.  So use at your own risk.

Plus, as sniper said, if your PHP was compiled with --disable-session then $_SESSION will be unavailable anyway.

To ensure maximum compatability you're best off use $GLOBALS['somevar']['index'] = 'foo';  or   global $somevar;   $somevar['index'] = 'foo';
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Mon Apr 29 18:01:30 2024 UTC