ID: 32564 Updated by: php-bugs@lists.php.net Reported By: echenavaz at mengine dot fr -Status: Feedback +Status: No Feedback Bug Type: Session related Operating System: debian 2.6.9 PHP Version: 5.0.4 New Comment:
No feedback was provided for this bug for over a week, so it is being suspended automatically. If you are able to provide the information that was originally requested, please do so and change the status of the bug back to "Open". Previous Comments: ------------------------------------------------------------------------ [2005-04-05 17:07:33] derek dot ethier at humber dot ca More information: This "problem" does not exist with 5.0.2 on Windows 2003 (IIS6). duh at dowebwedo dot com's method does work within the execution of that one script, but the unset variables are not persistent. The $_SESSION variables are restored on each subsequent page load even after they have been unset which leads to problems with session fixation and the inability to clean-up session values that are no longer needed. ------------------------------------------------------------------------ [2005-04-04 18:56:56] derek dot ethier at humber dot ca I can confirm this problem with Windows Server 2003, PHP 5.0.4. Sample code: <?php function unsetSessionVariables($session_name) { foreach ($_SESSION as $session_key => $session_variable) { if (strstr($session_key, $session_name)) { // Neither of these work as intended. unset($GLOBALS[_SESSION][$session_key]); unset($_SESSION[$session_key]); } } } unsetSessionVariables("session_name"); ?> I have verified that the same problem exists in the latest 5.1 snap (php5-win32-200504041430) on the same platform. ------------------------------------------------------------------------ [2005-04-04 12:43:10] duh at dowebwedo dot com I did not experience any problems with Apache/1.3.29 (Unix) PHP/5.0.4 on Debian stable. Code: <?php $_SESSION['one'] = 1; $_SESSION['two'] = 2; $_SESSION['three'] = 3; print_r($_SESSION); foreach ($_SESSION as $key_session => $session) unset($_SESSION[$key_session]); print_r($_SESSION); ?> Result is as expected: Array ( [DF_debug] => 1 [one] => 1 [two] => 2 [three] => 3 ) Array ( ) ------------------------------------------------------------------------ [2005-04-04 10:23:51] [EMAIL PROTECTED] Thank you for this bug report. To properly diagnose the problem, we need a short but complete example script to be able to reproduce this bug ourselves. A proper reproducing script starts with <?php and ends with ?>, is max. 10-20 lines long and does not require any external resources such as databases, etc. If possible, make the script source available online and provide an URL to it here. Try to avoid embedding huge scripts into the report. ------------------------------------------------------------------------ [2005-04-04 10:17:18] echenavaz at mengine dot fr Description: ------------ work fine whith 5.0.0 do not work whith 5.0.4 (whith zlib.output_compression = On) Reproduce code: --------------- foreach($_SESSION as $key_session => $session) { if(substr($key_session, 0, 17) == "session_pm_search") { unset($_SESSION[$key_session]); } } $forward_url = "https://".$_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME']; header("location:$forward_url"); die(); Expected result: ---------------- $_SESSION['session_pm_searchXXXXX'] are unset Actual result: -------------- $_SESSION['session_pm_searchXXXXX'] are not unset ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=32564&edit=1