From: [EMAIL PROTECTED]
Operating system: WinXP
PHP version: 4.2.0
PHP Bug Type: Session related
Bug description: Session variables lost during page changes
Hi all,
Globals are Off!
I am logging in from a form on one page (sessions.php), sending the data
via GET (for test purposes) to another script (setSession.php) which
should display the contents of the session vars once set. Then there is a
hyperlink to take me back to the sessions.php script where I should be
presented with a welcome message as opposed to the original log in form.
The problem is that there appears to be great inconsistency with how
session vars perform. I have included the test scripts I have been using
below for your convenience.
Problem exhibited
Test Case 1 (see Test Code):
This is the method recommended for when Globals are On but I ran this test
with Globals Off to see if it helped. This results with me not being able
to see the session var contents on the page they are created BUT following
the link which takes me back to the login Form does result with me being
logged in automatically.
Test Case 2:
This results with me being able to display the contents of the session
vars on the page which created them BUT they appear to get lost when
following the link which should auto log me in.
Test Case 3:
Results are exactly the same as Test Case 2.
Note: To simulate a test case, copy the two scripts below and set the
$testcase number at the top of each script.
==============
sessions.php
==============
<?
$testcase = 1;
switch ($testcase){
case 1:
session_start();
break;
default:
break;
}
?>
<html>
<head>
</head>
<body>
<?
switch ($testcase) {
case 1:
if ($HTTP_SESSION_VARS['username']){
echo "Welcome ".$HTTP_SESSION_VARS['username'];
} else {
echo "Running Test Case $testcase <br />";
echo "<form method=\"GET\" action=\"setSession.php\">\n"
. "User: <input type=\"text\" name=\"user\" value=\"\"><br
/>\n"
. "ID: <input type=\"text\" name=\"id\" value=\"\"><br />\n"
. "<input type=\"submit\" value=\"Set Session\"><br />\n"
. "</form>\n";
}
break;
case 2;
if ($_SESSION['username']){
echo "Welcome ".$_SESSION['username'];
} else {
echo "Running Test Case $testcase <br />";
echo "<form method=\"GET\" action=\"setSession.php\">\n"
. "User: <input type=\"text\" name=\"user\" value=\"\"><br
/>\n"
. "ID: <input type=\"text\" name=\"id\" value=\"\"><br />\n"
. "<input type=\"submit\" value=\"Set Session\"><br />\n"
. "</form>\n";
}
break;
case 3:
if ($HTTP_SESSION_VARS['username']){
echo "Welcome ".$HTTP_SESSION_VARS['username'];
} else {
echo "Running Test Case $testcase <br />";
echo "<form method=\"GET\" action=\"setSession.php\">\n"
. "User: <input type=\"text\" name=\"user\" value=\"\"><br
/>\n"
. "ID: <input type=\"text\" name=\"id\" value=\"\"><br />\n"
. "<input type=\"submit\" value=\"Set Session\"><br />\n"
. "</form>\n";
}
break;
default:
echo "Invalid Test Case Specified";
exit (1);
}
?>
</body>
</html>
===============
setSession.php
===============
<?
$testcase = 1;
switch ($testcase){
case 1:
session_start();
break;
default:
break;
}
?>
<html>
<head>
</head>
<body>
<?
$testcase = 3;
switch ($testcase){
case 1:
if ($_GET['user']){
//Globals On - test case 1
$username = $HTTP_GET_VARS['user'];
$userid = $HTTP_GET_VARS['id'];
session_register('username');
session_register('userid');
}
break;
case 2:
if ($_GET['user']){
//Globals Off with $_SESSION[] - test case 2
$_SESSION['username'] = $HTTP_GET_VARS['user'];
$_SESSION['userid'] = $HTTP_GET_VARS['id'];
}
break;
case 3:
if ($_GET['user']){
//Globals Off with $HTTP_SESSION_VARS[] - test case 3
$HTTP_SESSION_VARS['username'] = $HTTP_GET_VARS['user'];
$HTTP_SESSION_VARS['userid'] = $HTTP_GET_VARS['id'];
}
break;
default:
echo "Invalid test case specified";
exit (1);
}
echo "Running Test Case $testcase <br />";
echo "<hr>";
?>
Session Vars are set to:<br />
<?
switch ($testcase){
case 1:
echo "User = ".$HTTP_SESSION_VARS['username']."<br />";
echo "Userid = ".$HTTP_SESSION_VARS['userid']."<br />";
break;
case 2:
echo "User = ".$_SESSION['username']."<br />";
echo "Userid = ".$_SESSION['userid']."<br />";
break;
case 3:
echo "User = ".$HTTP_SESSION_VARS['username']."<br />";
echo "Userid = ".$HTTP_SESSION_VARS['userid']."<br />";
break;
default:
echo "Invalid Test Case Specified";
exit(1);
}
?>
<hr>
<a href="sessions.php">Click here to test your session vars</a>
</body>
</html>
Thanks
--
Edit bug report at http://bugs.php.net/?id=16890&edit=1
--
Fixed in CVS: http://bugs.php.net/fix.php?id=16890&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=16890&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=16890&r=needtrace
Try newer version: http://bugs.php.net/fix.php?id=16890&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=16890&r=support
Expected behavior: http://bugs.php.net/fix.php?id=16890&r=notwrong
Not enough info: http://bugs.php.net/fix.php?id=16890&r=notenoughinfo
Submitted twice: http://bugs.php.net/fix.php?id=16890&r=submittedtwice
