|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #73302 Copy-On-Write on $_SESSION fails with session_decode
Submitted: 2016-10-12 13:53 UTC Modified: 2016-10-14 08:57 UTC
From: d dot negrier at thecodingmachine dot com Assigned:
Status: Closed Package: Session related
PHP Version: 7.1.0RC3 OS: Ubuntu
Private report: No CVE-ID: None
 [2016-10-12 13:53 UTC] d dot negrier at thecodingmachine dot com
Bug can seen here:

It affects all versions starting with 7.0.

If I copy the $_SESSION variable in another variable ($sessionCopy) and then I call session_decode, I do not expect $sessionCopy to be impacted by the call to $_SESSION.

Yet, in PHP 7.0+, $sessionCopy is also modified.

Test script:


// $_SESSION is empty so $oldSession is empty too now.
// I expect copy to be by value, not by reference so anything impacting $_SESSION should not impace $oldSession.
$oldSession = $_SESSION;



Expected result:
I expect $_SESSION and $oldSession to be different.

Actual result:
In PHP 7+, $_SESSION and $oldSession are equal.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2016-10-13 13:37 UTC] x dot huberty at thecodingmachine dot Com
Bug can seen here:

We have the same behaviour when we copy a temp variable ($sessionCopy) in $_SESSION.
 [2016-10-13 13:42 UTC]
-Status: Open +Status: Feedback
 [2016-10-13 13:42 UTC]
This sounds like the same problem as bug #73273. Can you try a build of master to confirm whether @nikic's fix solves this?
 [2016-10-14 08:57 UTC] d dot negrier at thecodingmachine dot com
-Status: Feedback +Status: Closed
 [2016-10-14 08:57 UTC] d dot negrier at thecodingmachine dot com
Hey Damian,

Just checked with latest master.
I confirm that the problem is indeed solved.

I'm closing this bug.
Thanks @nikic!
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Jun 16 18:01:30 2024 UTC