php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #73302 Copy-On-Write on $_SESSION fails with session_decode
Submitted: 2016-10-12 13:53 UTC Modified: 2016-10-14 08:57 UTC
From: d dot negrier at thecodingmachine dot com Assigned:
Status: Closed Package: Session related
PHP Version: 7.1.0RC3 OS: Ubuntu
Private report: No CVE-ID: None
View Developer Edit
 [2016-10-12 13:53 UTC] d dot negrier at thecodingmachine dot com 
Description:
------------
Bug can seen here:

https://3v4l.org/m1HQ3

It affects all versions starting with 7.0.

If I copy the $_SESSION variable in another variable ($sessionCopy) and then I call session_decode, I do not expect $sessionCopy to be impacted by the call to $_SESSION.

Yet, in PHP 7.0+, $sessionCopy is also modified.

Test script:
---------------
<?php

session_start();

// $_SESSION is empty so $oldSession is empty too now.
// I expect copy to be by value, not by reference so anything impacting $_SESSION should not impace $oldSession.
$oldSession = $_SESSION;

session_decode('id|i:1;');

var_dump($_SESSION);
var_dump($oldSession);

Expected result:
----------------
I expect $_SESSION and $oldSession to be different.


Actual result:
--------------
In PHP 7+, $_SESSION and $oldSession are equal.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-10-13 13:37 UTC] x dot huberty at thecodingmachine dot Com 
Description:
------------
Bug can seen here:

https://3v4l.org/tekjZ

We have the same behaviour when we copy a temp variable ($sessionCopy) in $_SESSION.
 [2016-10-13 13:42 UTC] requinix@php.net
-Status: Open +Status: Feedback
 [2016-10-13 13:42 UTC] requinix@php.net 
This sounds like the same problem as bug #73273. Can you try a build of master to confirm whether @nikic's fix solves this?
 [2016-10-14 08:57 UTC] d dot negrier at thecodingmachine dot com
-Status: Feedback +Status: Closed
 [2016-10-14 08:57 UTC] d dot negrier at thecodingmachine dot com 
Hey Damian,

Just checked with latest master.
I confirm that the problem is indeed solved.

I'm closing this bug.
Thanks @nikic!
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Mon Mar 31 06:01:30 2025 UTC