#42774 [Opn-Fbk]: $_SESSION data not written if var populated from function first
ID: 42774 Updated by: [EMAIL PROTECTED] Reported By: johns582 at mail dot msu dot edu -Status: Open +Status: Feedback Bug Type: Session related Operating System: Debian 4.1.1; FreeBSD 4.8 PHP Version: 5.2.4 New Comment: And that's the shortest possible script you can reproduce it with? (I'm pretty sure you can do better.. :) Previous Comments: [2007-09-29 15:17:50] johns582 at mail dot msu dot edu Sure - Here is the form from which the script can be invoked: !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.01 Transitional//EN html head titleTest Sessions/title /head body form action=/php/test_session.php method=post input type=text value= name=f_namebr input type=text value= name=l_name input type=submit value=test session /form /body /html And here is the script itself (it is currently set up to use a file-based session handler). There is some commented-out code in here that should make it easy to see how seemingly irrelevant adjustments to how the var is initially set will influence whether it gets set in the session file (or db row): ?php //include functions library include_once(php/libraries/general_functions_new.php); session_start(); //if the var assignments are made directly from the _POST array, //then the session vars are successfully set //$f_name = $_POST['f_name']; //$l_name = $_POST['l_name']; //but setting the vars with a call to populate_rev, the subsequently //assigning them to $_SESSION results in a successful assignment to //$_SESSION, but no storage in the session file or db. $f_name = populate_rev (f_name, $_GET, $_POST, $_SESSION); $l_name = populate_rev (l_name, $_GET, $_POST, $_SESSION); //If code contained in populate_rev is brought into the main //body of this script, then the session vars are successfully set /* if (isset($_GET[f_name])) { $f_name = $_GET[f_name]; } elseif (isset($_POST[f_name])) { $f_name = $_POST[f_name]; } else { if (isset($_SESSION[f_name])) { $f_name = $_SESSION[f_name]; } else { $f_name = ''; } } if (isset($_GET[l_name])) { $l_name = $_GET[l_name]; } elseif (isset($_POST[l_name])) { $l_name = $_POST[l_name]; } else { if (isset($_SESSION[l_name])) { $l_name = $_SESSION[l_name]; } else { $l_name = ''; } } */ //register vars in the session $_SESSION['f_name'] = $f_name; $_SESSION['l_name'] = $l_name; echo brContents of global _SESSION array: ; var_export($_SESSION); echo brDone writing session vars. Check session file or db to confirm.; ? And here is the function library, general_functions_new.php: ?php function populate_rev ($array_index, $_GET, $_POST, $_SESSION) { if (isset($_GET[$array_index])) { $var = $_GET[$array_index]; } elseif (isset($_POST[$array_index])) { $var = $_POST[$array_index]; } elseif (isset($_SESSION[$array_index])) { $var = $_SESSION[$array_index]; } else { $var = ''; } return $var; } ? [2007-09-29 03:02:16] [EMAIL PROTECTED] Can you please provide a short but complete reproduce script? [2007-09-27 13:02:22] johns582 at mail dot msu dot edu No, register globals is off. Added note: this code worked in versions of PHP = 5.0.5 [2007-09-27 09:46:05] [EMAIL PROTECTED] Is register_globals=On ? [2007-09-27 04:10:26] johns582 at mail dot msu dot edu Description: We use a function (see below) to populate variables based on whether there is a key present in the $_GET, $_POST, or $_SESSION arrays. After this function is called and the result assigned to a variable, we save the variable in a session with: $_SESSION['var'] = $var; The result of this statement is that the variable $var is successful stored in $_SESSION but is not saved to the session file, which is what we expect. We can correct the problem by taking the logic
#42774 [Opn-Fbk]: $_SESSION data not written if var populated from function first
ID: 42774 Updated by: [EMAIL PROTECTED] Reported By: johns582 at mail dot msu dot edu -Status: Open +Status: Feedback Bug Type: Session related Operating System: Debian 4.1.1; FreeBSD 4.8 PHP Version: 5.2.4 New Comment: These variables you put in the function definition are super-globals. That means a) they're global everywhere b) you don't need to pass them around. I'd be surprised if this kind of code worked at all.. Please fix your code. Previous Comments: [2007-09-30 12:13:40] johns582 at mail dot msu dot edu Here is a version (12 lines) that doesn't have any of the commented out code. But I'd still recommend looking at the original, as the commented code was intended to save you time in reproducing some of the weirder behavior I described above. ?php include_once(php/libraries/general_functions_new.php); session_start(); $f_name = populate_rev (f_name, $_GET, $_POST, $_SESSION); $l_name = populate_rev (l_name, $_GET, $_POST, $_SESSION); $_SESSION['f_name'] = $f_name; $_SESSION['l_name'] = $l_name; echo brContents of global _SESSION array: ; var_export($_SESSION); echo brDone writing session vars. Check session file or db to confirm.; ? [2007-09-30 06:28:21] [EMAIL PROTECTED] And that's the shortest possible script you can reproduce it with? (I'm pretty sure you can do better.. :) [2007-09-29 15:17:50] johns582 at mail dot msu dot edu Sure - Here is the form from which the script can be invoked: !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.01 Transitional//EN html head titleTest Sessions/title /head body form action=/php/test_session.php method=post input type=text value= name=f_namebr input type=text value= name=l_name input type=submit value=test session /form /body /html And here is the script itself (it is currently set up to use a file-based session handler). There is some commented-out code in here that should make it easy to see how seemingly irrelevant adjustments to how the var is initially set will influence whether it gets set in the session file (or db row): ?php //include functions library include_once(php/libraries/general_functions_new.php); session_start(); //if the var assignments are made directly from the _POST array, //then the session vars are successfully set //$f_name = $_POST['f_name']; //$l_name = $_POST['l_name']; //but setting the vars with a call to populate_rev, the subsequently //assigning them to $_SESSION results in a successful assignment to //$_SESSION, but no storage in the session file or db. $f_name = populate_rev (f_name, $_GET, $_POST, $_SESSION); $l_name = populate_rev (l_name, $_GET, $_POST, $_SESSION); //If code contained in populate_rev is brought into the main //body of this script, then the session vars are successfully set /* if (isset($_GET[f_name])) { $f_name = $_GET[f_name]; } elseif (isset($_POST[f_name])) { $f_name = $_POST[f_name]; } else { if (isset($_SESSION[f_name])) { $f_name = $_SESSION[f_name]; } else { $f_name = ''; } } if (isset($_GET[l_name])) { $l_name = $_GET[l_name]; } elseif (isset($_POST[l_name])) { $l_name = $_POST[l_name]; } else { if (isset($_SESSION[l_name])) { $l_name = $_SESSION[l_name]; } else { $l_name = ''; } } */ //register vars in the session $_SESSION['f_name'] = $f_name; $_SESSION['l_name'] = $l_name; echo brContents of global _SESSION array: ; var_export($_SESSION); echo brDone writing session vars. Check session file or db to confirm.; ? And here is the function library, general_functions_new.php: ?php function populate_rev ($array_index, $_GET, $_POST, $_SESSION) { if (isset($_GET[$array_index])) { $var = $_GET[$array_index]; } elseif (isset($_POST[$array_index])) { $var = $_POST[$array_index]; } elseif (isset($_SESSION[$array_index])) { $var = $_SESSION[$array_index]; } else { $var = '';
#42774 [Opn-Fbk]: $_SESSION data not written if var populated from function first
ID: 42774 Updated by: [EMAIL PROTECTED] Reported By: johns582 at mail dot msu dot edu -Status: Open +Status: Feedback Bug Type: Session related Operating System: Debian 4.1.1; FreeBSD 4.8 PHP Version: 5.2.4 New Comment: Can you please provide a short but complete reproduce script? Previous Comments: [2007-09-27 13:02:22] johns582 at mail dot msu dot edu No, register globals is off. Added note: this code worked in versions of PHP = 5.0.5 [2007-09-27 09:46:05] [EMAIL PROTECTED] Is register_globals=On ? [2007-09-27 04:10:26] johns582 at mail dot msu dot edu Description: We use a function (see below) to populate variables based on whether there is a key present in the $_GET, $_POST, or $_SESSION arrays. After this function is called and the result assigned to a variable, we save the variable in a session with: $_SESSION['var'] = $var; The result of this statement is that the variable $var is successful stored in $_SESSION but is not saved to the session file, which is what we expect. We can correct the problem by taking the logic in the function below out of the function and placing it into the body of the main script. We've also noticed that even when the function is called by the main script, but not used to assign a value to a variable we intend to store in a session, this is enough to break the session in the manner described above (e.g., //DOESN'T WORK TO MAKE $f_name and $l_name appear in the session file //even though we aren't actually storing the value of $f_name_p or //$l_name_p in the session. But works if lines 3 and 4 are removed. $f_name = $_POST['f_name']; $l_name = $_POST['l_name']; $f_name_p = populate_rev (f_name, $_GET, $_POST, $_SESSION); $l_name_p = populate_rev (l_name, $_GET, $_POST, $_SESSION); $_SESSION['f_name'] = $f_name; $_SESSION['l_name'] = $l_name; One last point: This problem occurs with both the default files session handler and a custom db-backed handler. Using the db-backed handler, we can confirm that the overloaded write function received a session key, but no data. Reproduce code: --- function populate_rev ($array_index, $_GET, $_POST, $_SESSION) { if (isset($_GET[$array_index])) { $var = $_GET[$array_index]; } elseif (isset($_POST[$array_index])) { $var = $_POST[$array_index]; } elseif (isset($_SESSION[$array_index])) { $var = $_SESSION[$array_index]; } else { $var = ''; } return $var; } Expected result: Expected to see the string f_name|s:7:Heather;l_name|s:7:Johnson; present in the session file or in the database (depending on which handler was currently being used), for example, following assignment of $f_name and $l_name to the corresponding key in $_SESSION and termination of the script. Actual result: -- Even though the $_SESSION array contains the expected key/value pairs, the session file or database row (in the case of our custom handler) doesn't contain them. No data is passed to the session write function in the case of the custom handler. Moving the function's logic into the main body of the script, or abandoning the function in favor of straight assignment from the $_POST vars array is the only way to produce the expected result. (e.g., $f_name = $_POST['f_name']; $l_name = $_POST['l_name']; -- Edit this bug report at http://bugs.php.net/?id=42774edit=1
#42774 [Opn-Fbk]: $_SESSION data not written if var populated from function first
ID: 42774 Updated by: [EMAIL PROTECTED] Reported By: johns582 at mail dot msu dot edu -Status: Open +Status: Feedback Bug Type: Session related Operating System: Debian 4.1.1; FreeBSD 4.8 PHP Version: 5.2.4 New Comment: Is register_globals=On ? Previous Comments: [2007-09-27 04:10:26] johns582 at mail dot msu dot edu Description: We use a function (see below) to populate variables based on whether there is a key present in the $_GET, $_POST, or $_SESSION arrays. After this function is called and the result assigned to a variable, we save the variable in a session with: $_SESSION['var'] = $var; The result of this statement is that the variable $var is successful stored in $_SESSION but is not saved to the session file, which is what we expect. We can correct the problem by taking the logic in the function below out of the function and placing it into the body of the main script. We've also noticed that even when the function is called by the main script, but not used to assign a value to a variable we intend to store in a session, this is enough to break the session in the manner described above (e.g., //DOESN'T WORK TO MAKE $f_name and $l_name appear in the session file //even though we aren't actually storing the value of $f_name_p or //$l_name_p in the session. But works if lines 3 and 4 are removed. $f_name = $_POST['f_name']; $l_name = $_POST['l_name']; $f_name_p = populate_rev (f_name, $_GET, $_POST, $_SESSION); $l_name_p = populate_rev (l_name, $_GET, $_POST, $_SESSION); $_SESSION['f_name'] = $f_name; $_SESSION['l_name'] = $l_name; One last point: This problem occurs with both the default files session handler and a custom db-backed handler. Using the db-backed handler, we can confirm that the overloaded write function received a session key, but no data. Reproduce code: --- function populate_rev ($array_index, $_GET, $_POST, $_SESSION) { if (isset($_GET[$array_index])) { $var = $_GET[$array_index]; } elseif (isset($_POST[$array_index])) { $var = $_POST[$array_index]; } elseif (isset($_SESSION[$array_index])) { $var = $_SESSION[$array_index]; } else { $var = ''; } return $var; } Expected result: Expected to see the string f_name|s:7:Heather;l_name|s:7:Johnson; present in the session file or in the database (depending on which handler was currently being used), for example, following assignment of $f_name and $l_name to the corresponding key in $_SESSION and termination of the script. Actual result: -- Even though the $_SESSION array contains the expected key/value pairs, the session file or database row (in the case of our custom handler) doesn't contain them. No data is passed to the session write function in the case of the custom handler. Moving the function's logic into the main body of the script, or abandoning the function in favor of straight assignment from the $_POST vars array is the only way to produce the expected result. (e.g., $f_name = $_POST['f_name']; $l_name = $_POST['l_name']; -- Edit this bug report at http://bugs.php.net/?id=42774edit=1