From: asanoki at gmail dot com
Operating system: Linux
PHP version: 5.2.12
PHP Bug Type: Session related
Bug description: $_SESSION illogical behaviour.

Description:
------------
No warning is raised when disallowed characters are used as a key in the $_SESSION array. It is illogical, and should raise a warning or notice. In the manual it is written that $_SESSION is a superglobal *associative array* (http://pl.php.net/manual/pl/reserved.variables.session.php). Additional restrictions on key names are illogical and unintuitive. Why does the session serialization function use a different algorithm than the default serialize() PHP function, which works fine in such situations?

Example: using the | character as a key in the $_SESSION array damages the session file (it becomes 0 bytes long) without any notice, warning or error. I understand that it is mentioned in the manual, but it is illogical, unintuitive and should raise at least a warning.

Reproduce code:
---------------
<?php
/* Here is the PHP code which reproduces this error.
   Fire it *twice*, and look at the output of the *second* execution. */
session_start();
echo "This was loaded from session:<br />\n";
var_dump($_SESSION);
$_SESSION["a|b"] = "asdasd";
echo "<br />\nThis is written to session:<br />\n";
var_dump($_SESSION);

Expected result:
----------------
This was loaded from session:
array(1) {
  ["a|b"]=>
  string(6) "asdasd"
}
This is written to session:
array(1) {
  ["a|b"]=>
  string(6) "asdasd"
}

Actual result:
--------------
This was loaded from session:
array(0) {
}
This is written to session:
array(1) {
  ["a|b"]=>
  string(6) "asdasd"
}

--
Edit bug report at http://bugs.php.net/?id=51127&edit=1
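
The behaviour in the report above follows from the record layout of the default "php" session handler, which stores each entry as key|serialize(value). The script below is an added example, not part of the original report and not PHP's own code: it shows why a "|" inside a key cannot be read back, and a guard that raises the warning the reporter asks for. The function names and sample data are hypothetical, and PHP 7.1 or later is assumed.

```php
<?php
// Added example. Function names are hypothetical, sample data is constructed.

const SESSION_KEY_DELIMITER = '|'; // separator between key and value in the "php" handler format

/** Build the key|serialize(value) layout used by the default "php" session handler. */
function encode_php_format(array $data): string
{
    $out = '';
    foreach ($data as $key => $value) {
        $out .= $key . SESSION_KEY_DELIMITER . serialize($value);
    }
    return $out;
}

/** Return the keys that cannot be stored in that layout, warning about each one. */
function find_unencodable_keys(array $data): array
{
    $bad = [];
    foreach (array_keys($data) as $key) {
        if (is_string($key) && strpos($key, SESSION_KEY_DELIMITER) !== false) {
            $bad[] = $key;
            trigger_error(
                "Session key \"$key\" contains '|' and cannot be stored by the php handler",
                E_USER_WARNING
            );
        }
    }
    return $bad;
}

// Constructed sample: one ordinary key and the key from the report.
$session = ['user' => 'alice', 'a|b' => 'asdasd'];

// Why the key is ambiguous: a reader splits at the first "|", so the key
// becomes "a" and the remainder is no longer a valid serialized value.
$record = encode_php_format(['a|b' => 'asdasd']);
[$parsedKey, $rest] = explode(SESSION_KEY_DELIMITER, $record, 2);
var_dump($record, $parsedKey, $rest, @unserialize($rest));

// Guard to run before the session is written: drop (or rename) the bad keys
// so the rest of the session data is not lost with them.
foreach (find_unencodable_keys($session) as $key) {
    unset($session[$key]);
}
var_dump(encode_php_format($session));
```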