From: [EMAIL PROTECTED]
Operating system: Win32
PHP version: 4.1.1
PHP Bug Type: Session related
Bug description: unset($_SESSION['var']) problem with register_globals=on
Hi F0lks,
when I use the $_SESSION array while register_globals is enabled, I can't
unregister variables as described in the documentation (
unset($_SESSION['var']); ), except in the script call where 'var' was used
first time.
I wrote demonstration script hoping it shows you what I mean.
(register_globals must be enabled!)
<?
session_name('testsession');
session_start();
echo '<pre>';
if( ! $_SESSION['c'] ) $_SESSION['c'] = 1;
echo "=== unregistering variables from session with register_globals=On
under PHP 4.1.1 ===\n";
echo "Current step: $_SESSION[c] of 5\n\n";
switch( $_SESSION['c'] ) {
case 1:
echo "Checking, if 'var' is registered - ";
if( session_is_registered('var') ) {
session_destroy();
echo "yes. Killed session. END. (reload this page!)\n";
die();
} else {
echo "no. Good.\n";
}
echo "Setting \$_SESSION['var'] to 'test1' ...\n";
$_SESSION['var'] = 'test1';
varcheck( true );
break;
case 2:
varcheck( true );
echo "Trying to unregister 'var' with unset(\$_SESSION['var']) ...\n";
unset( $_SESSION['var'] );
varcheck( false );
echo "\$_SESSION['var'] isn't anymore now, so it shouldn't exist on the
next step.\n";
break;
case 3:
varcheck( true );
echo "Here it is again, damn!\n";
echo "Trying to get rid of it with session_unregister('var') ...\n";
session_unregister('var');
varcheck( false );
echo "Maybe, this time, it won't come back ...\n";
break;
case 4:
varcheck( false );
echo "It worked, \$_SESSION['var'] is dead ...\n";
echo "so let's try registering and unregistering in one (this) script
call.\n\n";
echo "Setting \$_SESSION['var'] to 'test2' ...\n";
$_SESSION['var'] = 'test2';
varcheck( true );
echo "Trying to unregister 'var' with unset(\$_SESSION['var'])...\n";
unset( $_SESSION['var'] );
varcheck( false );
break;
case 5:
varcheck( false );
echo "No \$_SESSION['var'] ...\n\n";
echo
'I think, I can explain this behaviour.
When you register a variable by $_SESSION[\'varname\']=\'something\';
$_SESSION[\'varname\'] is a string. When the script reacheas its end, it
sees no $GLOBALS[\'varname\'] to save (register_globals=On!) so it takes
$_SESSION[\'varname\'].
When calling the script again, \'varname\' will be restored from session
to $GLOBALS[\'varname\']. Then a reference to $GLOBALS[\'varname\'] will
be created in $_SESSION[\'varname\']. unset($_SESSION[\'varname\'] would
only delete the reference to $GLOBALS[\'varname\'] ...
My suggestion to the php developers:
When register_globals=On restore variables from session to
$_SESSION[\'varname\'] and store a reference to it in
$GLOBALS[\'varname\'].
';
// don't need break; here ...
default:
session_destroy();
echo "\n- - -\nSession killed. END. (reload to start again)\n";
die();
}
$_SESSION['c'] += 1;
echo "</pre><a href=\"$PHP_SELF\">next</a>";
function varcheck( $y, $ignore=false )
{
$x = isset( $_SESSION['var'] );
if( $x ) {
echo "\$_SESSION['var'] is now: ";
var_dump( $_SESSION['var'] );
} else
echo "\$_SESSION['var'] is not set.\n";
if( $x != $y and !$ignore ) {
echo "... this shouldn't happen, maybe your php.ini differs from
mine.\n";
echo " feel free to contact me
<[EMAIL PROTECTED]>\n";
die();
}
}
--
Edit bug report at http://bugs.php.net/?id=15551&edit=1
--
Fixed in CVS: http://bugs.php.net/fix.php?id=15551&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=15551&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=15551&r=needtrace
Try newer version: http://bugs.php.net/fix.php?id=15551&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=15551&r=support
Expected behavior: http://bugs.php.net/fix.php?id=15551&r=notwrong
Not enough info: http://bugs.php.net/fix.php?id=15551&r=notenoughinfo
Submitted twice: http://bugs.php.net/fix.php?id=15551&r=submittedtwice
