Edit report at http://bugs.php.net/bug.php?id=51127&edit=1
ID: 51127 Updated by: m...@php.net Reported by: asanoki at gmail dot com Summary: $_SESSION illogical behaviour -Status: Open +Status: Verified Type: Feature/Change Request Package: Session related Operating System: Linux PHP Version: 5.2.12 Previous Comments: ------------------------------------------------------------------------ [2010-02-23 18:56:23] asanoki at gmail dot com Description: ------------ No warning about using not allowed characters as a key in array $_SESSION. It is illogical, and should raise a warning or notice. In manual it is written that $_SESSION is a superglobal *associative array* (http://pl.php.net/manual/pl/reserved.variables.session.php). Additional restrictions to key names are illogical and unintuitive. Why do a session serialization function uses diffrent algorithm than default serialize() php function which works fine in such situations? Example. Using | character as a key in $_SESSION array causes damaging a session file (it gets 0 bytes length) without any notice, warning or error. I understand that it is mentioned in manual, but it is illogical, unintuitive and should raise at least a warning. Reproduce code: --------------- /* Here is php code which reproduces this error. Fire it *twice*, and look at output of a *second* execution. */ session_start(); echo "This was loaded from session:<br />\n"; var_dump($_SESSION); $_SESSION["a|b"] = "asdasd"; echo "<br />\nThis is written to session:<br />\n"; var_dump($_SESSION); Expected result: ---------------- This was loaded from session: array(1) { ["a|b"]=> string(6) "asdasd" } This is written to session: array(1) { ["a|b"]=> string(6) "asdasd" } Actual result: -------------- This was loaded from session: array(0) { } This is written to session: array(1) { ["a|b"]=> string(6) "asdasd" } ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/bug.php?id=51127&edit=1