php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #8772 user level session storage fails when register_globals off
Submitted: 2001-01-17 20:36 UTC Modified: 2001-07-04 10:08 UTC
From: serge at freezefotoz dot com Assigned:
Status: Closed Package: Session related
PHP Version: 4.0.6 OS: RH Linux 7.0
Private report: No CVE-ID: None
 [2001-01-17 20:36 UTC] serge at freezefotoz dot com
When using a user level session storage method to db for example, if register_globals is off, a session record is added to the database, but it contains no serialized data. The data portion is empty.

If I turn register_globals on, the the database record for
the session contains the serialized data.

Is this a bug or a feature???

Thanks, Serge

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-01-18 06:22 UTC] sniper@php.net
Feedback by Sascha Schumann <sascha@schumann.cx>:
-------------------------------------------------

And did you assign your data to $HTTP_SESSION_VARS["foo"]
instead of $foo?

The user level storage module gets exactly the same set of
data as the other modules. In fact, there is no distinction
in the session module as to how the data is stored.

- Sascha

 [2001-01-23 13:49 UTC] serge at freezefotoz dot com
Yes I did, I followed the examples described in the latest documentation.

session_register("test");
$HTTP_SESSION_VARS['test'] = '12345';

when I try to print on another page, 
echo "session var test = $HTTP_SESSION_VARS[test]";
it comes up empty...?

When I look in the database, I have a session record, but the data is empty?

Serge
 [2001-01-23 16:19 UTC] cynic@php.net
it won't print the contents this way. you must use either
echo "session var test = {$HTTP_SESSION_VARS[test]}";
or 
echo "session var test = " . $HTTP_SESSION_VARS[test];

if this solves your problem, close the bug, please.
 [2001-01-23 17:13 UTC] serge at freezefotoz dot com
Still does not work. As stated before, when I check the database, the data field is empty.

phpinfo.php
<?php
    session_register("test");
    $HTTP_SESSION_VARS['test'] = "blabla";
    phpinfo();
?>
<a href="/test.php">test</a>


test.php
<?php
    print "session var = " . $HTTP_SESSION_VARS['test'];
?>

Config file
<VirtualHost 192.168.0.7>
        ServerAdmin webmaster@phpdev1.globalbeach.com
        DocumentRoot /www/medialib-dev/htdocs
        ServerName medialib-dev.globalbeach.com
        ErrorLog        /www/medialib-dev/logs/error_log
        CustomLog       /www/medialib-dev/logs/access_log common
        php_flag register_globals off
        php_flag track_vars on
        php_value auto_prepend_file "/usr/local/apache/conf/pgsql_session_handler.php"
        php_value include_path "/www/medialib-dev/libs"
        php_value open_basedir "/www/medialib-dev"
</VirtualHost>

 [2001-01-23 17:50 UTC] serge at freezefotoz dot com
What I have noticed is when I have register_globals on and I run this script, a record is added to the session table as expected.

<?php
    session_register("test");
    $HTTP_SESSION_VARS['test'] = "blabla";
?>

but when I have register_globals off and run this script, upon script completion there is NO session record in the table at all?

Serge

 [2001-01-25 14:02 UTC] serge at freezefotoz dot com
OK, here is some more info....

I just installed the Zend IDE and did some debugging.

What I noticed was the following using this test code:

<?php
    session_register("myvar");  
    $HTTP_SESSION_VARS['myvar'] = "VarVar";
    print "This is a test";
    exit;
?>

if register_globals is off (Note: setting this in a virtual server with  php_flag register_globals off)

session_register("myvar") calls open_session in my session handler, and then calls read_session in the handler
I assign a value to $HTTP_SESSION_VARS['myvar']
upon exit; the following happens
close_session is called in the session handler and thats the end! ---> write_session was never called?

####

if register_globals is on (Note: setting this in a virtual server with  php_flag register_globals on)

session_register("myvar") calls open_session in session handler, and then calls read_session in the handler.
I assign a value to $HTTP_SESSION_VARS['myvar']
upon exit; write_session is called and the value passed is 
!myvar| <---- missing the value of $myvar.
close_session is called and thats that.

Questions:

In the first example, why is write_session never called?
In the second example, why does !myvar| NOT have the value I assigned to it like so $HTTP_SESSION_VARS['myvar'] = "VarVar";


Thanks, Serge

 [2001-01-25 14:06 UTC] serge at freezefotoz dot com
P.S.

Whith register_globals on, this works fine.

session_register("myvar");
$myvar = "VarVar";
exit;

and $myvar gets registerd with its value by the handler just
fine.

Serge
 [2001-01-25 14:39 UTC] serge at freezefotoz dot com
Below are my php.ini settings and Virtual Host settings
Serge

# php.ini file
[PHP]

engine			=	On 
short_open_tag	=	On
asp_tags		=	Off
precision		=	14
y2k_compliance	=	Off
output_buffering	= Off
output_handler		=
implicit_flush		= Off
allow_call_time_pass_reference	= Off

; Safe Mode
safe_mode		=	Off
safe_mode_exec_dir	=
safe_mode_allowed_env_vars = PHP_
safe_mode_protected_env_vars = LD_LIBRARY_PATH
disable_functions	=								

#zend_optimizer.optimization=15
#zend_extension="/usr/local/Zend/lib/ZendOptimizer.so"

zend_extension="/usr/local/Zend/lib/ZendDebugger.so"

; Colors for Syntax Highlighting mode.  Anything that's acceptable in <font color=???> would work.
highlight.string	=	#DD0000
highlight.comment	=	#FF8000
highlight.keyword	=	#007700
highlight.bg		=	#FFFFFF
highlight.default	=	#0000BB
highlight.html		=	#000000

; Misc
expose_php	=	Off

;;;;;;;;;;;;;;;;;;;
; Resource Limits ;
;;;;;;;;;;;;;;;;;;;

max_execution_time = 60
memory_limit = 8M

error_reporting	=	E_ALL & ~E_NOTICE & ~E_WARNING
display_errors	=	On
display_startup_errors = Off
log_errors		=	Off
track_errors	=	On
;error_prepend_string = "<font color=ff0000>"   
;error_append_string = "</font>"
;error_log	=	filename
;error_log	=	syslog
warn_plus_overloading	=	Off


;;;;;;;;;;;;;;;;;
; Data Handling ;
;;;;;;;;;;;;;;;;;
variables_order		=	"GPCS"
register_globals	=	Off
register_argc_argv	=	Off
post_max_size		=	8M
gpc_order			=	"GPC"

; Magic quotes
magic_quotes_gpc	=	Off
magic_quotes_runtime=	Off
magic_quotes_sybase	=	Off

; automatically add files before or after any PHP document
auto_prepend_file	=
auto_append_file	=

; PHP's built-in default is text/html
default_mimetype = "text/html"
;default_charset = "iso-8859-1"

;;;;;;;;;;;;;;;;;;;;;;;;;
; Paths and Directories ;
;;;;;;;;;;;;;;;;;;;;;;;;;
include_path	=
doc_root		=
user_dir		=
extension_dir	=	./
enable_dl		= On

;;;;;;;;;;;;;;;;
; File Uploads ;
;;;;;;;;;;;;;;;;
file_uploads	= On
;upload_tmp_dir	=
upload_max_filesize = 15M


;;;;;;;;;;;;;;;;;;
; Fopen wrappers ;
;;;;;;;;;;;;;;;;;;
allow_url_fopen = On


;;;;;;;;;;;;;;;;;;;
; Module Settings ;
;;;;;;;;;;;;;;;;;;;

[Syslog]
define_syslog_variables	= Off

[mail function]
SMTP			=	localhost
sendmail_from	=	webmaster@test.com
sendmail_path	=	'/var/qmail/bin/qmail-inject -N'

[Debugger]
debugger.host	=	localhost
debugger.port	=	7869
debugger.enabled	=	False

[Logging]
;logging.method    = db
;logging.directory = /path/to/log/directory

[Java]

[SQL]
sql.safe_mode	=	Off

[ODBC]
odbc.allow_persistent	=	On
odbc.check_persistent  = 	On
odbc.max_persistent	=	-1
odbc.max_links			=	-1
odbc.defaultlrl	=	4096
odbc.defaultbinmode	= 	1

[MySQL]
mysql.allow_persistent	=	On
mysql.max_persistent	=	-1
mysql.max_links			=	-1
mysql.default_port		=	
mysql.default_socket	=
mysql.default_host		=
mysql.default_user		=
mysql.default_password	=

[mSQL]
msql.allow_persistent	=	On
msql.max_persistent		= -1
msql.max_links			= -1

[PostgresSQL]
pgsql.allow_persistent	=	On
pgsql.max_persistent	=	-1
pgsql.max_links			= -1

[Sybase]
sybase.allow_persistent	=	On
sybase.max_persistent	=	-1
sybase.max_links		=	-1
;sybase.interface_file	=	"/usr/sybase/interfaces"
sybase.min_error_severity	=	10
sybase.min_message_severity	=	10
sybase.compatability_mode	= Off

[Sybase-CT]
sybct.allow_persistent	=	On
sybct.max_persistent	=	-1
sybct.max_links			=	-1
sybct.min_server_severity	=	10
sybct.min_client_severity	=	10

[bcmath]
bcmath.scale	=	0

[browscap]

[Informix]
ifx.default_host		=		
ifx.default_user		=		
ifx.default_password		=		
ifx.allow_persistent		=	On	
ifx.max_persistent		=	-1	
ifx.max_links			=	-1	
ifx.textasvarchar		=	0	
ifx.byteasvarchar		=	0	
ifx.charasvarchar		=	0	
						
ifx.blobinfile			=	0	
						
ifx.nullformat			=	0	
						

[Session]
session.save_handler      = user
session.save_path         = php_sessions
session.use_cookies       = 1
session.name              = PHPSESSID  
session.auto_start        = 0
session.cookie_lifetime   = 0
session.cookie_path       = /   
session.cookie_domain     =     
session.serialize_handler = php 
session.gc_probability    = 10  
session.gc_maxlifetime    = 1200
session.referer_check     =     
session.entropy_length    = 0   
;session.entropy_file      =    
session.entropy_length    = 16
session.entropy_file      = /dev/urandom
session.cache_limiter     = nocache
session.cache_expire      = 180
session.use_trans_sid     = 1

url_rewriter.tags         = "a=href,area=href,frame=src,input=src,form=fakeentry"

[MSSQL]
mssql.allow_persistent		=	On
mssql.max_persistent		=	-1
mssql.max_links				=	-1
mssql.min_error_severity	=	10
mssql.min_message_severity	=	10
mssql.compatability_mode	=  Off
;mssql.textlimit			= 4096
;mssql.textsize				= 4096
;mssql.batchsize			=	 0

[Assertion]
;assert.active				=	Off
;assert.warning				=	On
;assert.bail				=	Off
;assert.callback			=	0
;assert.quiet_eval			=	0

[Ingres II]
ingres.allow_persistent		=	On
ingres.max_persistent		=	-1
ingres.max_links			=	-1
ingres.default_database		=
ingres.default_user			=
ingres.default_password		=

[Verisign Payflow Pro]

[Sockets]
sockets.use_system_read		=	Off

========================
========================

# virtual host settings
<VirtualHost 192.168.0.7>
        ServerAdmin webmaster@phpdev1.globalbeach.com
        DocumentRoot /www/medialib-dev/htdocs
        ServerName medialib-dev.globalbeach.com
        ErrorLog        /www/medialib-dev/logs/error_log
        CustomLog       /www/medialib-dev/logs/access_log common
        php_flag register_globals off
        php_flag track_vars on
        php_value auto_prepend_file "/usr/local/apache/conf/pgsql_session_handler.php"
        php_value include_path "/www/medialib-dev/libs"
        php_value open_basedir "/www/medialib-dev"
</VirtualHost>

 [2001-02-03 07:14 UTC] serge at freezefotoz dot com
Looks like someone else is having the same problem.

See bug number 9002

Serge

 [2001-02-22 18:39 UTC] serge at freezefotoz dot com
Steve Chadsey has reported that he has the same bug as me:
His message follow.

For the record, I am having the *exact* problem you describe.  It's on a RedHat 6.2 system, kernel 2.4.1, PostgreSQL 7.0.3, Apache/1.3.17 (Unix) mod_perl/1.25 PHP/4.0.4pl1.  With register_globals off, the session
write function is never getting called.  With register_globals on, it works fine.

Do you think I should add a new bug report?  Can I add a "me too" to
your bug report?

Thanks,
-- 
Steve Chadsey <tyr@teiresias.net>

 [2001-03-04 07:09 UTC] serge at freezefotoz dot com
I would like to know if there is any news with regards to this bug? The workaround involves using "register_globals on" and I really don't like this aproach.

Thanks, Serge

 [2001-05-16 03:56 UTC] serge at freezefotoz dot com
Hi Guys,

Well I installed PHP 4.0.5 hoping it would fix my problem with sessions and it still does not work!

Any help from someone knowledgable on this issue would be nice since I reported this bug over 3 months ago.

Thanks, Serge
 [2001-05-22 21:06 UTC] jmoore@php.net
THis should be fixed in Latest CVS. Please reopen if that is not the case.

- James
 [2001-07-04 09:58 UTC] serge at freezefotoz dot com
Hi,

Just installed PHP 4.0.6 and tested things again.... to my dispair this problem is still not fixed. I don't understand why this is not happening to tons of PHP developers?
Are they all using register_globals on ?

Thanks, Serge
 [2001-07-04 10:00 UTC] derick@php.net
James said it was fixed in the CVS version. It might that it was not fixed in the 4.0.6 branch.
Please check out the CVs version and reopen if it is still not fixed.

Derick
 [2001-07-04 10:08 UTC] serge at freezefotoz dot com
This was over 1 month ago, I would find it very strange that it would not have made its way into the 4.0.6 branch condsidering that 4.0.6 is was meant to be a bug fix release.

Serge
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Fri Feb 15 19:01:25 2019 UTC