Edit report at https://bugs.php.net/bug.php?id=51127&edit=1
ID: 51127 Comment by: simon at hurix dot de Reported by: asanoki at gmail dot com Summary: $_SESSION illogical behaviour Status: Verified Type: Feature/Change Request Package: Session related Operating System: Linux PHP Version: 5.2.12 Block user comment: N Private report: N New Comment: ! (exclamation mark) in the key string is also breaking the whole _SESSION array on next hit. I suppose there are some more. Previous Comments: ------------------------------------------------------------------------ [2011-02-03 13:09:11] cyberdisyan at gmail dot com I experienced the same bug, and it took's me one week to understand why my all of my session variables was destroyed into our application. BUT the strangest think is that the session_id is still good. Anyway as asanoki said a Warning notice should be usefull Thanks ------------------------------------------------------------------------ [2010-02-23 18:56:23] asanoki at gmail dot com Description: ------------ No warning about using not allowed characters as a key in array $_SESSION. It is illogical, and should raise a warning or notice. In manual it is written that $_SESSION is a superglobal *associative array* (http://pl.php.net/manual/pl/reserved.variables.session.php). Additional restrictions to key names are illogical and unintuitive. Why do a session serialization function uses diffrent algorithm than default serialize() php function which works fine in such situations? Example. Using | character as a key in $_SESSION array causes damaging a session file (it gets 0 bytes length) without any notice, warning or error. I understand that it is mentioned in manual, but it is illogical, unintuitive and should raise at least a warning. Reproduce code: --------------- /* Here is php code which reproduces this error. Fire it *twice*, and look at output of a *second* execution. */ session_start(); echo "This was loaded from session:<br />\n"; var_dump($_SESSION); $_SESSION["a|b"] = "asdasd"; echo "<br />\nThis is written to session:<br />\n"; var_dump($_SESSION); Expected result: ---------------- This was loaded from session: array(1) { ["a|b"]=> string(6) "asdasd" } This is written to session: array(1) { ["a|b"]=> string(6) "asdasd" } Actual result: -------------- This was loaded from session: array(0) { } This is written to session: array(1) { ["a|b"]=> string(6) "asdasd" } ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=51127&edit=1
