php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #49557 Assign $_SESSION to an empty array doesn't work
Submitted: 2009-09-15 02:56 UTC Modified: 2009-09-16 12:12 UTC
From: maxtjh at hotmail dot com Assigned:
Status: Not a bug Package: Session related
PHP Version: 5.2.10 OS: Windox XP SP2
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2009-09-15 02:56 UTC] maxtjh at hotmail dot com 
Description:
------------
Output for Test.php

Current SID: 1e2rcu3s63pv5r0m0omuckmmc6
$_SESSION => array(0) { }
--------------------------------------?


Output for Test.php?set=1

Current SID: 1e2rcu3s63pv5r0m0omuckmmc6
Session has been set with 'a' and 'b'
$_SESSION => array(2) { ["a"]=> string(3) "aaa" ["b"]=> string(3) "bbb" }
--------------------------------------?


Output for Test.php?reset=1

Current SID: 1e2rcu3s63pv5r0m0omuckmmc6
Session has been set with empty array and new SID is regenerated.
New sid: hathl18bl00gedoqeia2q6dq36
$_SESSION => array(0) { }
--------------------------------------?

After go throught these 3 URL, $_SESSION should be equal to empty array before regenarate new session id.

But it get wrong here:
Change current session id (hathl18bl00gedoqeia2q6dq36) with old session id (1e2rcu3s63pv5r0m0omuckmmc6) in cookie and enter Test.php without any get method.

$_SESSION should be an empty array but it show this:

Current SID: 1e2rcu3s63pv5r0m0omuckmmc6
$_SESSION => array(2) { ["a"]=> string(3) "aaa" ["b"]=> string(3) "bbb" }

Reproduce code:
---------------
session_start();
echo 'Current SID: '.session_id().'<br/>';
if(isset($_GET['set']))
{	$_SESSION=array('a'=>'aaa','b'=>'bbb');
	echo 'Session has been set with \'a\' and \'b\''.'<br/>';
}

if(isset($_GET['reset']))
{	$_SESSION=array();
	session_regenerate_id();
	echo 'Session has been set with empty array and new SID is regenerated.'.'<br/>';
	echo 'New sid: '.session_id().'<br/>';
}

echo '$_SESSION => ';
echo var_dump($_SESSION).'<br/>';

Expected result:
----------------
Current SID: 1e2rcu3s63pv5r0m0omuckmmc6
$_SESSION => array(0) { }

Actual result:
--------------
Current SID: 1e2rcu3s63pv5r0m0omuckmmc6
$_SESSION => array(2) { ["a"]=> string(3) "aaa" ["b"]=> string(3) "bbb" }

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-09-16 12:12 UTC] jani@php.net 
session_regenerate_id() does not destroy the session. RTFM: 
http://php.net/session_regenerate_id and notice the optional parameter.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Mon Apr 29 15:01:31 2024 UTC