From: [EMAIL PROTECTED] Operating system: Win32 PHP version: 4.1.1 PHP Bug Type: Session related Bug description: unset($_SESSION['var']) problem with register_globals=on
Hi F0lks, when I use the $_SESSION array while register_globals is enabled, I can't unregister variables as described in the documentation ( unset($_SESSION['var']); ), except in the script call where 'var' was used first time. I wrote demonstration script hoping it shows you what I mean. (register_globals must be enabled!) <? session_name('testsession'); session_start(); echo '<pre>'; if( ! $_SESSION['c'] ) $_SESSION['c'] = 1; echo "=== unregistering variables from session with register_globals=On under PHP 4.1.1 ===\n"; echo "Current step: $_SESSION[c] of 5\n\n"; switch( $_SESSION['c'] ) { case 1: echo "Checking, if 'var' is registered - "; if( session_is_registered('var') ) { session_destroy(); echo "yes. Killed session. END. (reload this page!)\n"; die(); } else { echo "no. Good.\n"; } echo "Setting \$_SESSION['var'] to 'test1' ...\n"; $_SESSION['var'] = 'test1'; varcheck( true ); break; case 2: varcheck( true ); echo "Trying to unregister 'var' with unset(\$_SESSION['var']) ...\n"; unset( $_SESSION['var'] ); varcheck( false ); echo "\$_SESSION['var'] isn't anymore now, so it shouldn't exist on the next step.\n"; break; case 3: varcheck( true ); echo "Here it is again, damn!\n"; echo "Trying to get rid of it with session_unregister('var') ...\n"; session_unregister('var'); varcheck( false ); echo "Maybe, this time, it won't come back ...\n"; break; case 4: varcheck( false ); echo "It worked, \$_SESSION['var'] is dead ...\n"; echo "so let's try registering and unregistering in one (this) script call.\n\n"; echo "Setting \$_SESSION['var'] to 'test2' ...\n"; $_SESSION['var'] = 'test2'; varcheck( true ); echo "Trying to unregister 'var' with unset(\$_SESSION['var'])...\n"; unset( $_SESSION['var'] ); varcheck( false ); break; case 5: varcheck( false ); echo "No \$_SESSION['var'] ...\n\n"; echo 'I think, I can explain this behaviour. When you register a variable by $_SESSION[\'varname\']=\'something\'; $_SESSION[\'varname\'] is a string. When the script reacheas its end, it sees no $GLOBALS[\'varname\'] to save (register_globals=On!) so it takes $_SESSION[\'varname\']. When calling the script again, \'varname\' will be restored from session to $GLOBALS[\'varname\']. Then a reference to $GLOBALS[\'varname\'] will be created in $_SESSION[\'varname\']. unset($_SESSION[\'varname\'] would only delete the reference to $GLOBALS[\'varname\'] ... My suggestion to the php developers: When register_globals=On restore variables from session to $_SESSION[\'varname\'] and store a reference to it in $GLOBALS[\'varname\']. '; // don't need break; here ... default: session_destroy(); echo "\n- - -\nSession killed. END. (reload to start again)\n"; die(); } $_SESSION['c'] += 1; echo "</pre><a href=\"$PHP_SELF\">next</a>"; function varcheck( $y, $ignore=false ) { $x = isset( $_SESSION['var'] ); if( $x ) { echo "\$_SESSION['var'] is now: "; var_dump( $_SESSION['var'] ); } else echo "\$_SESSION['var'] is not set.\n"; if( $x != $y and !$ignore ) { echo "... this shouldn't happen, maybe your php.ini differs from mine.\n"; echo " feel free to contact me <[EMAIL PROTECTED]>\n"; die(); } } -- Edit bug report at http://bugs.php.net/?id=15551&edit=1 -- Fixed in CVS: http://bugs.php.net/fix.php?id=15551&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=15551&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=15551&r=needtrace Try newer version: http://bugs.php.net/fix.php?id=15551&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=15551&r=support Expected behavior: http://bugs.php.net/fix.php?id=15551&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=15551&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=15551&r=submittedtwice