ID: 32564
Updated by: php-bugs@lists.php.net
Reported By: echenavaz at mengine dot fr
-Status: Feedback
+Status: No Feedback
Bug Type: Session related
Operating System: debian 2.6.9
PHP Version: 5.0.4
New Comment:
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
Previous Comments:
------------------------------------------------------------------------
[2005-04-05 17:07:33] derek dot ethier at humber dot ca
More information:
This "problem" does not exist with 5.0.2 on Windows 2003 (IIS6).
duh at dowebwedo dot com's method does work within the execution of
that one script, but the unset variables are not persistent. The
$_SESSION variables are restored on each subsequent page load even
after they have been unset which leads to problems with session
fixation and the inability to clean-up session values that are no
longer needed.
------------------------------------------------------------------------
[2005-04-04 18:56:56] derek dot ethier at humber dot ca
I can confirm this problem with Windows Server 2003, PHP 5.0.4. Sample
code:
<?php
function unsetSessionVariables($session_name) {
foreach ($_SESSION as $session_key => $session_variable) {
if (strstr($session_key, $session_name)) {
// Neither of these work as intended.
unset($GLOBALS[_SESSION][$session_key]);
unset($_SESSION[$session_key]);
}
}
}
unsetSessionVariables("session_name");
?>
I have verified that the same problem exists in the latest 5.1 snap
(php5-win32-200504041430) on the same platform.
------------------------------------------------------------------------
[2005-04-04 12:43:10] duh at dowebwedo dot com
I did not experience any problems with Apache/1.3.29 (Unix) PHP/5.0.4
on Debian stable.
Code:
<?php
$_SESSION['one'] = 1;
$_SESSION['two'] = 2;
$_SESSION['three'] = 3;
print_r($_SESSION);
foreach ($_SESSION as $key_session => $session)
unset($_SESSION[$key_session]);
print_r($_SESSION);
?>
Result is as expected:
Array ( [DF_debug] => 1 [one] => 1 [two] => 2 [three] => 3 ) Array ( )
------------------------------------------------------------------------
[2005-04-04 10:23:51] [EMAIL PROTECTED]
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves.
A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external
resources such as databases, etc.
If possible, make the script source available online and provide
an URL to it here. Try to avoid embedding huge scripts into the report.
------------------------------------------------------------------------
[2005-04-04 10:17:18] echenavaz at mengine dot fr
Description:
------------
work fine whith 5.0.0
do not work whith 5.0.4
(whith zlib.output_compression = On)
Reproduce code:
---------------
foreach($_SESSION as $key_session => $session)
{
if(substr($key_session, 0, 17) == "session_pm_search")
{
unset($_SESSION[$key_session]);
}
}
$forward_url =
"https://".$_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME'];
header("location:$forward_url");
die();
Expected result:
----------------
$_SESSION['session_pm_searchXXXXX'] are unset
Actual result:
--------------
$_SESSION['session_pm_searchXXXXX'] are not unset
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=32564&edit=1
