Bug #8315 strange session behavior with register_globals off
Submitted: 2000-12-18 13:02 UTC
Modified: 2001-05-02 06:27 UTC
From: cynic at mail dot cz
Assigned:
Status: Not a bug
Package: Session related
PHP Version: 4.0 Latest CVS (18/12/2000)
OS: NT 5 SP 1
Private report: No
CVE-ID: None

 [2000-12-18 13:02 UTC] cynic at mail dot cz
Apache 1.3.14 through apache-1.3_20001218111201
PHP snapshots since about two weeks ago through php-4.0.4RC6
stock php.ini-optimized (with the exception of error_reporting E_ALL)

Actually I cannot confirm this bug with latest CVS, because it won't build, but this has been valid for apachephp4.dll for about two weeks. 

This issue can be stripped down to: it seems that with register_globals off, variables registered in a session become members of $HTTP_SESSION_VARS on the NEXT request, and when unregistered, get re-registered on the next request. The latter looks like an outstanding bug.

The (lack of) presence of the error_reporting() calls in the beginning of all the files has no effect on the issue.

Also, notice that when register_globals is on, session_is_registered() returns true, the global variable has its value and is subsequently recreated on the next request, however, on the request where the session is started, $HTTP_SESSION_VARS is empty. With register_globals off, it already contains the variable when I traverse the array. (with the following bump: the increment call in the following block:
$count = 0 ;
session_register( 'count' ) ;
$HTTP_SESSION_VARS['count']++ ;

results in "undefined index" warning...)

Seems like session support should be tagged 'experimental' on win32 Apache... Which is a pity, as this httpd represents the shortest and most straightforward way from win32 dev machines to most unix servers...



register_globals on

=======================================================
test1.php
=======================================================
error_reporting( E_ALL ) ;
session_start() ;
$count = 0 ;
session_register( 'count' ) ;
$count++ ;

echo session_is_registered('count') ? 'yes' : 'no' ;
echo $count ;

foreach( $HTTP_SESSION_VARS as $k => $v ) {
	echo "$k     :      $v\n" ;
} ; 

echo '<a href="/test2.php">test2.php</a>' ;
=======================================================
relevant output:
=======================================================
yes
1

=======================================================
test2.php
=======================================================
error_reporting( E_ALL ) ;
session_start() ;
session_unregister( 'count' ) ;
$count++ ;

echo session_is_registered('count') ? 'yes' : 'no' ;
echo $count ;

foreach( $HTTP_SESSION_VARS as $k => $v ) {
	echo "$k     :      $v\n" ;
} ; 

echo '<a href="/test3.php">test3.php</a>' ;
=======================================================
relevant output:
=======================================================
no
2
count     :      1

=======================================================
test3.php
=======================================================
error_reporting( E_ALL ) ;
session_start() ;

echo session_is_registered('count') ? 'yes' : 'no' ;
echo $count ;

foreach( $HTTP_SESSION_VARS as $k => $v ) {
	echo "$k     :      $v\n" ;
} ; 

echo '<a href="test1.php">test1.php</a>' ;
=======================================================
relevant output:
=======================================================
no

Warning:  Undefined variable:  count ...


register_globals off

=======================================================
test1.php
=======================================================
error_reporting( E_ALL ) ;
session_start() ;
$count = 0 ;
session_register( 'count' ) ;
$HTTP_SESSION_VARS['count']++ ;

echo session_is_registered('count') ? 'yes' : 'no' ;
echo $HTTP_SESSION_VARS['count'] ;

foreach( $HTTP_SESSION_VARS as $k => $v ) {
	echo "$k     :      $v\n" ;
} ; 

echo '<a href="/test2.php">test2.php</a>' ;
=======================================================
relevant output:
=======================================================
Warning:  Undefined index:  count ...
yes
1
count     :      1

=======================================================
test2.php
=======================================================
error_reporting( E_ALL ) ;
session_start() ;
session_unregister( 'count' ) ;
$HTTP_SESSION_VARS['count']++ ;

echo session_is_registered('count') ? 'yes' : 'no' ;
echo $HTTP_SESSION_VARS['count'] ;

foreach( $HTTP_SESSION_VARS as $k => $v ) {
	echo "$k     :      $v\n" ;
} ; 

echo '<a href="/test3.php">test3.php</a>' ;
=======================================================
relevant output:
=======================================================
no
2
count     :      2

=======================================================
test3.php
=======================================================
error_reporting( E_ALL ) ;
session_start() ;

echo session_is_registered('count') ? 'yes' : 'no' ;
echo $HTTP_SESSION_VARS['count'] ;

foreach( $HTTP_SESSION_VARS as $k => $v ) {
	echo "$k     :      $v\n" ;
} ; 

echo '<a href="test1.php">test1.php</a>' ;
=======================================================
relevant output:
=======================================================
yes
2
count     :      2

