ID: 8772
User Update by: [EMAIL PROTECTED]
Status: Open
Bug Type: *Session related
Description: user level session storage fails when register_globals off

I would like to know if there is any news with regards to this bug? The workaround 
involves using "register_globals on" and I really don't like this aproach.

Thanks, Serge

Previous Comments:

[2001-02-22 18:39:01] [EMAIL PROTECTED]
Steve Chadsey has reported that he has the same bug as me:
His message follow.

For the record, I am having the *exact* problem you describe.  It's on a RedHat 6.2 
system, kernel 2.4.1, PostgreSQL 7.0.3, Apache/1.3.17 (Unix) mod_perl/1.25 
PHP/4.0.4pl1.  With register_globals off, the session
write function is never getting called.  With register_globals on, it works fine.

Do you think I should add a new bug report?  Can I add a "me too" to
your bug report?

Steve Chadsey <[EMAIL PROTECTED]>


[2001-02-03 07:14:11] [EMAIL PROTECTED]
Looks like someone else is having the same problem.

See bug number 9002



[2001-01-25 14:39:36] [EMAIL PROTECTED]
Below are my php.ini settings and Virtual Host settings

# php.ini file

engine                  =       On 
short_open_tag  =       On
asp_tags                =       Off
precision               =       14
y2k_compliance  =       Off
output_buffering        = Off
output_handler          =
implicit_flush          = Off
allow_call_time_pass_reference  = Off

; Safe Mode
safe_mode               =       Off
safe_mode_exec_dir      =
safe_mode_allowed_env_vars = PHP_
safe_mode_protected_env_vars = LD_LIBRARY_PATH
disable_functions       =                                                              



; Colors for Syntax Highlighting mode.  Anything that's acceptable in <font color=???> 
would work.
highlight.string        =       #DD0000
highlight.comment       =       #FF8000
highlight.keyword       =       #007700            =       #FFFFFF
highlight.default       =       #0000BB
highlight.html          =       #000000

; Misc
expose_php      =       Off

; Resource Limits ;

max_execution_time = 60
memory_limit = 8M

error_reporting =       E_ALL & ~E_NOTICE & ~E_WARNING
display_errors  =       On
display_startup_errors = Off
log_errors              =       Off
track_errors    =       On
;error_prepend_string = "<font color=ff0000>"   
;error_append_string = "</font>"
;error_log      =       filename
;error_log      =       syslog
warn_plus_overloading   =       Off

; Data Handling ;
variables_order         =       "GPCS"
register_globals        =       Off
register_argc_argv      =       Off
post_max_size           =       8M
gpc_order                       =       "GPC"

; Magic quotes
magic_quotes_gpc        =       Off
magic_quotes_runtime=   Off
magic_quotes_sybase     =       Off

; automatically add files before or after any PHP document
auto_prepend_file       =
auto_append_file        =

; PHP's built-in default is text/html
default_mimetype = "text/html"
;default_charset = "iso-8859-1"

; Paths and Directories ;
include_path    =
doc_root                =
user_dir                =
extension_dir   =       ./
enable_dl               = On

; File Uploads ;
file_uploads    = On
;upload_tmp_dir =
upload_max_filesize = 15M

; Fopen wrappers ;
allow_url_fopen = On

; Module Settings ;

define_syslog_variables = Off

[mail function]
SMTP                    =       localhost
sendmail_from   =       [EMAIL PROTECTED]
sendmail_path   =       '/var/qmail/bin/qmail-inject -N'

[Debugger]   =       localhost
debugger.port   =       7869
debugger.enabled        =       False

;logging.method    = db
; = /path/to/log/directory


sql.safe_mode   =       Off

odbc.allow_persistent   =       On
odbc.check_persistent  =        On
odbc.max_persistent     =       -1
odbc.max_links                  =       -1
odbc.defaultlrl =       4096
odbc.defaultbinmode     =       1

mysql.allow_persistent  =       On
mysql.max_persistent    =       -1
mysql.max_links                 =       -1
mysql.default_port              =       
mysql.default_socket    =
mysql.default_host              =
mysql.default_user              =
mysql.default_password  =

msql.allow_persistent   =       On
msql.max_persistent             = -1
msql.max_links                  = -1

pgsql.allow_persistent  =       On
pgsql.max_persistent    =       -1
pgsql.max_links                 = -1

sybase.allow_persistent =       On
sybase.max_persistent   =       -1
sybase.max_links                =       -1
;sybase.interface_file  =       "/usr/sybase/interfaces"
sybase.min_error_severity       =       10
sybase.min_message_severity     =       10
sybase.compatability_mode       = Off

sybct.allow_persistent  =       On
sybct.max_persistent    =       -1
sybct.max_links                 =       -1
sybct.min_server_severity       =       10
sybct.min_client_severity       =       10

bcmath.scale    =       0


ifx.default_host                =               
ifx.default_user                =               
ifx.default_password            =               
ifx.allow_persistent            =       On      
ifx.max_persistent              =       -1      
ifx.max_links                   =       -1      
ifx.textasvarchar               =       0       
ifx.byteasvarchar               =       0       
ifx.charasvarchar               =       0       
ifx.blobinfile                  =       0       
ifx.nullformat                  =       0       

session.save_handler      = user
session.save_path         = php_sessions
session.use_cookies       = 1              = PHPSESSID  
session.auto_start        = 0
session.cookie_lifetime   = 0
session.cookie_path       = /   
session.cookie_domain     =     
session.serialize_handler = php 
session.gc_probability    = 10  
session.gc_maxlifetime    = 1200
session.referer_check     =     
session.entropy_length    = 0   
;session.entropy_file      =    
session.entropy_length    = 16
session.entropy_file      = /dev/urandom
session.cache_limiter     = nocache
session.cache_expire      = 180
session.use_trans_sid     = 1

url_rewriter.tags         = "a=href,area=href,frame=src,input=src,form=fakeentry"

mssql.allow_persistent          =       On
mssql.max_persistent            =       -1
mssql.max_links                         =       -1
mssql.min_error_severity        =       10
mssql.min_message_severity      =       10
mssql.compatability_mode        =  Off
;mssql.textlimit                        = 4096
;mssql.textsize                         = 4096
;mssql.batchsize                        =        0

;                          =       Off
;assert.warning                         =       On
;assert.bail                            =       Off
;assert.callback                        =       0
;assert.quiet_eval                      =       0

[Ingres II]
ingres.allow_persistent         =       On
ingres.max_persistent           =       -1
ingres.max_links                        =       -1
ingres.default_database         =
ingres.default_user                     =
ingres.default_password         =

[Verisign Payflow Pro]

sockets.use_system_read         =       Off


# virtual host settings
        ServerAdmin [EMAIL PROTECTED]
        DocumentRoot /www/medialib-dev/htdocs
        ErrorLog        /www/medialib-dev/logs/error_log
        CustomLog       /www/medialib-dev/logs/access_log common
        php_flag register_globals off
        php_flag track_vars on
        php_value auto_prepend_file "/usr/local/apache/conf/pgsql_session_handler.php"
        php_value include_path "/www/medialib-dev/libs"
        php_value open_basedir "/www/medialib-dev"


[2001-01-25 14:06:12] [EMAIL PROTECTED]

Whith register_globals on, this works fine.

$myvar = "VarVar";

and $myvar gets registerd with its value by the handler just



[2001-01-25 14:02:23] [EMAIL PROTECTED]
OK, here is some more info....

I just installed the Zend IDE and did some debugging.

What I noticed was the following using this test code:

    $HTTP_SESSION_VARS['myvar'] = "VarVar";
    print "This is a test";

if register_globals is off (Note: setting this in a virtual server with  php_flag 
register_globals off)

session_register("myvar") calls open_session in my session handler, and then calls 
read_session in the handler
I assign a value to $HTTP_SESSION_VARS['myvar']
upon exit; the following happens
close_session is called in the session handler and thats the end! ---> write_session 
was never called?


if register_globals is on (Note: setting this in a virtual server with  php_flag 
register_globals on)

session_register("myvar") calls open_session in session handler, and then calls 
read_session in the handler.
I assign a value to $HTTP_SESSION_VARS['myvar']
upon exit; write_session is called and the value passed is 
!myvar| <---- missing the value of $myvar.
close_session is called and thats that.


In the first example, why is write_session never called?
In the second example, why does !myvar| NOT have the value I assigned to it like so 
$HTTP_SESSION_VARS['myvar'] = "VarVar";

Thanks, Serge


The remainder of the comments for this report are too long.  To view the rest of the 
comments, please view the bug report online.

Full Bug description available at:

