ID:               32564
 Comment by:       derek dot ethier at humber dot ca
 Reported By:      echenavaz at mengine dot fr
 Status:           Feedback
 Bug Type:         Session related
 Operating System: debian 2.6.9
 PHP Version:      5.0.4
 New Comment:

More information:
This "problem" does not exist with 5.0.2 on Windows 2003 (IIS6).

duh at dowebwedo dot com's method does work within the execution of
that one script, but the unset variables are not persistent.  The
$_SESSION variables are restored on each subsequent page load even
after they have been unset which leads to problems with session
fixation and the inability to clean up session values that are no
longer needed.


Previous Comments:
------------------------------------------------------------------------

[2005-04-04 18:56:56] derek dot ethier at humber dot ca

I can confirm this problem with Windows Server 2003, PHP 5.0.4.  Sample
code:

<?php
function unsetSessionVariables($session_name) {
    foreach ($_SESSION as $session_key => $session_variable) {
        if (strstr($session_key, $session_name)) {
            // Neither of these work as intended.
            // The superglobal name is quoted so it is a string key, not a bare constant.
            unset($GLOBALS['_SESSION'][$session_key]);
            unset($_SESSION[$session_key]);
        }
    }
}

unsetSessionVariables("session_name");
?>

I have verified that the same problem exists in the latest 5.1 snap
(php5-win32-200504041430) on the same platform.

------------------------------------------------------------------------

[2005-04-04 12:43:10] duh at dowebwedo dot com

I did not experience any problems with Apache/1.3.29 (Unix) PHP/5.0.4
on Debian stable.
Code:
<?php
  $_SESSION['one'] = 1;
  $_SESSION['two'] = 2;
  $_SESSION['three'] = 3;

  print_r($_SESSION);

  foreach ($_SESSION as $key_session => $session)
        unset($_SESSION[$key_session]);

  print_r($_SESSION);
?>

Result is as expected:
Array ( [DF_debug] => 1 [one] => 1 [two] => 2 [three] => 3 ) Array ( )

------------------------------------------------------------------------

[2005-04-04 10:23:51] [EMAIL PROTECTED]

Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc.

If possible, make the script source available online and provide
a URL to it here. Try to avoid embedding huge scripts into the report.



------------------------------------------------------------------------

[2005-04-04 10:17:18] echenavaz at mengine dot fr

Description:
------------
Works fine with 5.0.0
Does not work with 5.0.4

(with zlib.output_compression = On)

Reproduce code:
---------------
foreach ($_SESSION as $key_session => $session) {
    if (substr($key_session, 0, 17) == "session_pm_search") {
        unset($_SESSION[$key_session]);
    }
}
$forward_url = "https://".$_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME'];
header("location:$forward_url");
die();



Expected result:
----------------
$_SESSION['session_pm_searchXXXXX'] are unset

Actual result:
--------------
$_SESSION['session_pm_searchXXXXX'] are not unset


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=32564&edit=1
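
The distinction drawn in the newest comment (unset works within one script, but has to survive the next page load) can be checked from the PHP CLI by closing and reopening the same session. This is an added example, not code from the bug report or from PHP itself; the helper name `unsetSessionPrefix`, the sample key names and values, and the explicit `session_write_close()` calls are assumptions of the example.

```php
<?php
// Added example (not from the bug report): checks that unset() on
// $_SESSION keys is still in effect after the session is reloaded.
// Run with the PHP CLI; key names and values below are constructed.
ini_set('session.use_cookies', '0');            // CLI has no cookie headers
ini_set('session.save_path', sys_get_temp_dir());

// Hypothetical helper: remove every session key that starts with $prefix.
function unsetSessionPrefix($prefix)
{
    $removed = 0;
    foreach (array_keys($_SESSION) as $key) {   // iterate a copy of the keys
        if (strncmp((string) $key, $prefix, strlen($prefix)) === 0) {
            unset($_SESSION[$key]);
            $removed++;
        }
    }
    return $removed;
}

// "Request" 1: create the session and store the search state.
session_start();
$id = session_id();
$_SESSION['session_pm_search_query'] = 'constructed';
$_SESSION['session_pm_search_page']  = 3;
$_SESSION['user_id'] = 42;
session_write_close();

// "Request" 2: unset by prefix, then flush to storage before any redirect.
session_id($id);
session_start();
$removed = unsetSessionPrefix('session_pm_search');
session_write_close();

// "Request" 3: reload from storage; the single-script test never does this.
session_id($id);
session_start();
$leftover = array();
foreach (array_keys($_SESSION) as $key) {
    if (strncmp((string) $key, 'session_pm_search', 17) === 0) {
        $leftover[] = $key;
    }
}
$kept = isset($_SESSION['user_id']);
session_destroy();                              // remove the test session file

echo "removed=$removed leftover=" . count($leftover) . " kept=" . var_export($kept, true) . "\n";
exit(($removed === 2 && count($leftover) === 0 && $kept) ? 0 : 1);
```

A non-zero exit status means the prefixed keys came back after the reload, which is the behaviour the report describes.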
