From: [EMAIL PROTECTED]
Operating system: linux 2.2.18 - glibc 2.1.3
PHP version: 4.1.0
PHP Bug Type: Session related
Bug description: sessions and register_globals
There is something I don't understand.
I've updated to v4.1.0 and noticed that the recommended
configuration defaults register_globals to *Off*. I
understand the security reasons behind this choice. I've
tried to run one of my projects with the new interpreter
and the recommended settings (register_globals=Off). After
resolving a plenty of warnings, I noticed that things were
not working as I expected.
This is a sample code:
<?
session_register('PIPPO');
if (empty($PIPPO)) {
$PIPPO = "ONE";
} else {
$PIPPO = "TWO";
}
$sidfile = "/tmp/sess_" . $_COOKIE['PHPSESSID'];
echo "Session file $sidfile contains: <pre>";
readfile($sidfile);
echo "</pre>";
echo "The value is: $PIPPO<br>";
?>
When I run and reload the script I get:
Session file /tmp/sess_87...blahblah...3e contains:
PIPPO|s:3:"ONE";maxrating|N;
The value is: ONE
Why the first run sets the session variable to "ONE" and
the second run can't get it's value? In the latter case I
guess the answer is: "because you have to access it through
$HTTP_SESSION_VARS", but ... shouldn't it had to be the
same in the former case?
--
Edit bug report at: http://bugs.php.net/?id=14540&edit=1
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
