#22117 [Opn]: Session vars inappropriately created as references

phpbugs Mon, 10 Feb 2003 10:53:30 -0800

 ID:               22117
 User updated by:  [EMAIL PROTECTED]
 Reported By:      [EMAIL PROTECTED]
 Status:           Open
 Bug Type:         Session related
 Operating System: Win NT 4
 PHP Version:      4.3.0
 New Comment:


A colleague points out that this script also
produces the buggy behaviour.

<?php
session_start();
$var1 = "INITIALIZED";
$var2 = $var1;
session_register("var1","var2");
$var2 = "CHANGED";
echo $var1."<br>";
echo $var2."<br>";
?>


Previous Comments:
------------------------------------------------------------------------

[2003-02-09 16:36:48] [EMAIL PROTECTED]

Further searching makes me think that this may be
related to Bug #20583 :
http://bugs.php.net/bug.php?id=20583

------------------------------------------------------------------------

[2003-02-09 16:33:11] [EMAIL PROTECTED]

Actually, I have created a simpler test case,
which produces the behaviour in one script,
and BEFORE serialization:

<?php
// bug3.php
session_start();
$var1 = $var2 = "INITIALIZED";
session_register("var1","var2");
$var2 = "CHANGED";
echo $var1."<br>";
echo $var2."<br>";
?>

Actual Output in 4.3.0:
CHANGED
CHANGED

Session data after execution
var1|s:7:"CHANGED";var2|R:1;

So it seems that $var2 is a reference of $var1,
but only if the session_start and session_register
functions are called.

Notes:
The bug occurs even if the "session_start();" and the "$var1 = $var2 =
"INITIALIZED";" lines are swapped.

The buggy behaviour disappears if I move the line
"$var2 = "CHANGED"" above the session_register() call.

------------------------------------------------------------------------

[2003-02-09 16:07:53] [EMAIL PROTECTED]

Here's the contents of the session file,
immediately after execution of my first
test script test_bug1.php, from versions
4.2.2 and 4.3.0:

session file from 4.2.2:
var1|s:11:"INITIALIZED";var2|s:11:"INITIALIZED";

session file from 4.3.0:
var1|s:11:"INITIALIZED";var2|R:1;

------------------------------------------------------------------------

[2003-02-07 17:41:24] [EMAIL PROTECTED]

It took me a while to track this down...
we noticed that when we upgraded a develpment box
from 4.2.3 to 4.3.0, that one of our session vars
was being over-written by another.

It turns out that one was being serialized 
to the session as a reference to the other,
but only if the vars were intialized like this:

 $var1 = $var2 = "some value";

Consider two scripts, test_bug1.php and test_bug2.php

If you run test_bug1, and then test_bug2, surprisingly,
the output of test_bug2 will be:

BEFORE:
var1 = 'INITIALIZED'
var2 = 'INITIALIZED'

AFTER:
var1 = 'CHANGED'
var2 = 'CHANGED'

<?php
// test_bug1.php
session_start();

$var1 = $var2 = "INITIALIZED";
session_register("var1","var2");

echo "INIT:<br>\n";
echo "var1 = '$var1'<br>";
echo "var2 = '$var2'<br><p>";

echo "<a href='test_bug2.php'>test_bug2.php</a>";

?>

<?php
// test_bug2.php
session_start();

echo "BEFORE:<br>\n";
echo "var1 = '$var1'<br>\n";
echo "var2 = '$var2'<br><p>\n";

$var2 = "CHANGED";

echo "AFTER:<br>\n";
echo "var1 = '$var1'<br>\n";
echo "var2 = '$var2'<br><p>\n";

$var2 = "EXIT";

?>



------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=22117&edit=1

#22117 [Opn]: Session vars inappropriately created as references

Reply via email to