From: gianksmail at gmail dot com Operating system: Debian Lenny PHP version: 5.2.9 PHP Bug Type: Session related Bug description: PHP resore old session values after session_destroy
Description: ------------ Hi, i'm having an issue with session_destroy(); This is a script sample: $_SESSION['username'] = (isset($_POST['username']))? $_POST['username']: $_SESSION['username']; In this case, after user login, than logout via session_destroy, if the user reloads the page, the first time the server raises this warning: Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0 in var_dump i can see $_SESSION['username'] and $_SESSION['password'] to be unset after session_destroy. the second time, just reloading the page, these variables are set to NULL (correctly i think, missing the previous value for them). The third time the user may now access all contents as still logged in: i can see the old variables values restored as before the session destroy, now! -- Edit bug report at http://bugs.php.net/?id=48101&edit=1 -- Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=48101&r=trysnapshot52 Try a CVS snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=48101&r=trysnapshot53 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=48101&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=48101&r=fixedcvs Fixed in CVS and need be documented: http://bugs.php.net/fix.php?id=48101&r=needdocs Fixed in release: http://bugs.php.net/fix.php?id=48101&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=48101&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=48101&r=needscript Try newer version: http://bugs.php.net/fix.php?id=48101&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=48101&r=support Expected behavior: http://bugs.php.net/fix.php?id=48101&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=48101&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=48101&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=48101&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=48101&r=php4 Daylight Savings: http://bugs.php.net/fix.php?id=48101&r=dst IIS Stability: http://bugs.php.net/fix.php?id=48101&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=48101&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=48101&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=48101&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=48101&r=mysqlcfg