ID: 22117
Comment by: jneil at myersinternet dot com
Reported By: phpbugs at brianmertens dot com
Status: Assigned
Bug Type: Session related
Operating System: Win NT 4
PHP Version: 4.3.0
Assigned To: sas
New Comment:
While there are some new cautionary notes regarding mixing the use of
$_SESSION and session_register (and the other session functions), the
example below (and the examples in related bugs) do not mix the two
means of accessing session variables. As the session_* functions have
not been designated as deprecated code, current members of the PHP
coding community must assume that these functions are still supported
and should work. Given that the code below from brianmertens is valid
PHP syntax but yet shows a weakness in the session_register functions
(possibly due to pointer problems in the underlying code given the
nature of the error), this seems worthy of actually working on instead
of pointing out similar code (although with a different approach and
function list) that does not have the bug. Are the developers of the
PHP engine going to fix session_register or are they going to force the
thousands of PHP developers who have used this function in good faith
for several years to abandon it?
Previous Comments:
------------------------------------------------------------------------
[2003-02-10 13:03:23] [EMAIL PROTECTED]
Just FYI, the following script works as expected:
<?php
session_start();
if (!isset($_SESSION['var1'])) {
$_SESSION['var1'] = "INITIALIZED";
$_SESSION['var2'] = $_SESSION['var1'];
$_SESSION['var2'] = "CHANGED";
}
var_dump($_SESSION);
?>
------------------------------------------------------------------------
[2003-02-10 12:54:13] phpbugs at brianmertens dot com
A colleague points out that this script also
produces the buggy behaviour.
<?php
session_start();
$var1 = "INITIALIZED";
$var2 = $var1;
session_register("var1","var2");
$var2 = "CHANGED";
echo $var1."<br>";
echo $var2."<br>";
?>
------------------------------------------------------------------------
[2003-02-09 16:36:48] phpbugs at brianmertens dot com
Further searching makes me think that this may be
related to Bug #20583 :
http://bugs.php.net/bug.php?id=20583
------------------------------------------------------------------------
[2003-02-09 16:33:11] phpbugs at brianmertens dot com
Actually, I have created a simpler test case,
which produces the behaviour in one script,
and BEFORE serialization:
<?php
// bug3.php
session_start();
$var1 = $var2 = "INITIALIZED";
session_register("var1","var2");
$var2 = "CHANGED";
echo $var1."<br>";
echo $var2."<br>";
?>
Actual Output in 4.3.0:
CHANGED
CHANGED
Session data after execution
var1|s:7:"CHANGED";var2|R:1;
So it seems that $var2 is a reference of $var1,
but only if the session_start and session_register
functions are called.
Notes:
The bug occurs even if the "session_start();" and the "$var1 = $var2 =
"INITIALIZED";" lines are swapped.
The buggy behaviour disappears if I move the line
"$var2 = "CHANGED"" above the session_register() call.
------------------------------------------------------------------------
[2003-02-09 16:07:53] phpbugs at brianmertens dot com
Here's the contents of the session file,
immediately after execution of my first
test script test_bug1.php, from versions
4.2.2 and 4.3.0:
session file from 4.2.2:
var1|s:11:"INITIALIZED";var2|s:11:"INITIALIZED";
session file from 4.3.0:
var1|s:11:"INITIALIZED";var2|R:1;
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/22117
--
Edit this bug report at http://bugs.php.net/?id=22117&edit=1
