i discovered bug in sessions:

when using unset($_SESSION[...]) insted session_unregister(...) and
before calling read _$SESSION[...] variable WILL NOT unset.

please try these examples and see result.

here is method how to produce this bug (you must have cookies enabled):
1. run script
2. reload page (you should see 2 $_SESSION arrays with the same value)
3. click on unset link
4. now you should see first array filled with test value and second
should be empty - that's OK - but variable test should be deleted from
5. reload page
6. here is BUG: i unset session variable test so i shouldn't exists,
but exists.

7. comment line marked #fatal

and go to repeat process from begining
on step 6. both arrays will be empty!!!!

----------------cut here----------------------------------------------
echo '<pre>';


if (isset($_GET['submit'])) {
        $test = $_SESSION['test'];                      # fatal
} else {
        $_SESSION['test'] = 'this is test';
echo '<a href="'.$_SERVER['PHP_SELF'].'?submit=yes">unset</a><br>';
echo '</pre>';
----------------cut here----------------------------------------------

replace        unset($_SESSION['test']); with
session_unregister('test'); and repeat process - here will be
everything OK.

http://www.php.net/manual/en/ref.session.php (see Example 3.)

Tested on PHP 4.2.1 (win, Debian).

Epilogue: using unset at $_SESSION array is NOT safe.

Michal Dvoracek                          [EMAIL PROTECTED]
Capitol Internet Publisher, Korunovacni 6, 170 00 Prague 7, Czech Republic
tel.: ++420 2 3337 1117, fax:  ++420 2 3337 1112

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to