RE: [PHP] bug in sessions

Sun, 30 Jun 2002 07:43:23 -0700 

Same for me (PHP4.2.1 on Win). Unset removes the variable from the
session for the duration of the script, but doesn't actually remove it
from the session. Using session_unregister() does remove the variable
from the session. You should post it as a bug, Michal, or tell them to
change the documentation.

---John Holmes...

> -----Original Message-----
> From: Michal Dvoracek [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, June 30, 2002 7:37 AM
> To: [EMAIL PROTECTED]
> Subject: [PHP] bug in sessions
> 
> Hello,
> 
> i discovered bug in sessions:
> 
> when using unset($_SESSION[...]) insted session_unregister(...) and
> before calling read _$SESSION[...] variable WILL NOT unset.
> 
> please try these examples and see result.
> 
> here is method how to produce this bug (you must have cookies
enabled):
> 1. run script
> 2. reload page (you should see 2 $_SESSION arrays with the same value)
> 3. click on unset link
> 4. now you should see first array filled with test value and second
> should be empty - that's OK - but variable test should be deleted from
> session
> 5. reload page
> 6. here is BUG: i unset session variable test so i shouldn't exists,
> but exists.
> ---
> 
> 7. comment line marked #fatal
> 
> and go to repeat process from begining
> on step 6. both arrays will be empty!!!!
> 
> ----------------cut here----------------------------------------------
> <?php
> session_start();
> echo '<pre>';
> 
> print_r($_SESSION);
> 
> if (isset($_GET['submit'])) {
>         $test = $_SESSION['test'];                      # fatal
>         unset($_SESSION['test']);
> } else {
>         $_SESSION['test'] = 'this is test';
> }
> echo '<a href="'.$_SERVER['PHP_SELF'].'?submit=yes">unset</a><br>';
> print_r($_SESSION);
> echo '</pre>';
> ?>
> ----------------cut here----------------------------------------------
> 
> 
> replace        unset($_SESSION['test']); with
> session_unregister('test'); and repeat process - here will be
> everything OK.
> 
> http://www.php.net/manual/en/ref.session.php (see Example 3.)
> 
> Tested on PHP 4.2.1 (win, Debian).
> 
> Epilogue: using unset at $_SESSION array is NOT safe.
> 
> Regards,
> Michal Dvoracek                          [EMAIL PROTECTED]
> Capitol Internet Publisher, Korunovacni 6, 170 00 Prague 7, Czech
Republic
> tel.: ++420 2 3337 1117, fax:  ++420 2 3337 1112
> 
> 
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to