ID: 22117 Comment by: jneil at myersinternet dot com Reported By: phpbugs at brianmertens dot com Status: Assigned Bug Type: Session related Operating System: Win NT 4 PHP Version: 4.3.0 Assigned To: sas New Comment:
While there are some new cautionary notes regarding mixing the use of $_SESSION and session_register (and the other session functions), the example below (and the examples in related bugs) do not mix the two means of accessing session variables. As the session_* functions have not been designated as deprecated code, current members of the PHP coding community must assume that these functions are still supported and should work. Given that the code below from brianmertens is valid PHP syntax but yet shows a weakness in the session_register functions (possibly due to pointer problems in the underlying code given the nature of the error), this seems worthy of actually working on instead of pointing out similar code (although with a different approach and function list) that does not have the bug. Are the developers of the PHP engine going to fix session_register or are they going to force the thousands of PHP developers who have used this function in good faith for several years to abandon it? Previous Comments: ------------------------------------------------------------------------ [2003-02-10 13:03:23] [EMAIL PROTECTED] Just FYI, the following script works as expected: <?php session_start(); if (!isset($_SESSION['var1'])) { $_SESSION['var1'] = "INITIALIZED"; $_SESSION['var2'] = $_SESSION['var1']; $_SESSION['var2'] = "CHANGED"; } var_dump($_SESSION); ?> ------------------------------------------------------------------------ [2003-02-10 12:54:13] phpbugs at brianmertens dot com A colleague points out that this script also produces the buggy behaviour. <?php session_start(); $var1 = "INITIALIZED"; $var2 = $var1; session_register("var1","var2"); $var2 = "CHANGED"; echo $var1."<br>"; echo $var2."<br>"; ?> ------------------------------------------------------------------------ [2003-02-09 16:36:48] phpbugs at brianmertens dot com Further searching makes me think that this may be related to Bug #20583 : http://bugs.php.net/bug.php?id=20583 ------------------------------------------------------------------------ [2003-02-09 16:33:11] phpbugs at brianmertens dot com Actually, I have created a simpler test case, which produces the behaviour in one script, and BEFORE serialization: <?php // bug3.php session_start(); $var1 = $var2 = "INITIALIZED"; session_register("var1","var2"); $var2 = "CHANGED"; echo $var1."<br>"; echo $var2."<br>"; ?> Actual Output in 4.3.0: CHANGED CHANGED Session data after execution var1|s:7:"CHANGED";var2|R:1; So it seems that $var2 is a reference of $var1, but only if the session_start and session_register functions are called. Notes: The bug occurs even if the "session_start();" and the "$var1 = $var2 = "INITIALIZED";" lines are swapped. The buggy behaviour disappears if I move the line "$var2 = "CHANGED"" above the session_register() call. ------------------------------------------------------------------------ [2003-02-09 16:07:53] phpbugs at brianmertens dot com Here's the contents of the session file, immediately after execution of my first test script test_bug1.php, from versions 4.2.2 and 4.3.0: session file from 4.2.2: var1|s:11:"INITIALIZED";var2|s:11:"INITIALIZED"; session file from 4.3.0: var1|s:11:"INITIALIZED";var2|R:1; ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/22117 -- Edit this bug report at http://bugs.php.net/?id=22117&edit=1