[nycphp-talk] session variables "evil"?
Jonathan Face
jface at mercenarylabs.com
Fri Dec 15 12:06:01 EST 2006
I just copied recreated your files and got:
session variables are GOOD
session variables are GOOD
You can see it here:
http://www.jonathanface.com/x.php
Sean wrote:
> Do you have register globals on?
>
> On 12/15/06, *LK* <lk613m at yahoo.com <mailto:lk613m at yahoo.com>> wrote:
>
> Just as I was reading this thread on sesion variables I was having
> a problem with my session variables getting changed on the fly
> seemingly for no reason. I've isolated this problem and condensed
> it to the bare minimum for you to see and comment upon:
>
> 1. Create a file x.php:
>
> <?php
> session_start();
> $_SESSION['x'] = "session variables are GOOD";
> ?>
>
> <html>
> <body>
> <a href="y.php">Go to y.php</a>
> </body>
> </html>
> 2. Create a file y.php
>
> <?php
> session_start();
>
> echo $_SESSION['x']."<br/>"; // outputs session variables are
> GOOD
>
> $x = "session variables are EVIL";
>
> echo $_SESSION['x']; // outputs session variables are EVIL
> ?>
> Point your browser to x.php and click on the link "Go to y.php" to
> invoke the y.php file.
>
> File x.php simply sets a session variable $_SESSION['x'].
>
> File y.php assigns an internal variable $x, and that all by itself
> blows away $_SESSION['x'].
>
> The _GET and _POST variables do not have this problem.
>
> It's an easy fix simply to use a different name instead of $x, but
> still... this is not a nice behaviour, if not an outright bug.
>
> - Leo.
>
>
>
> ----- Original Message ----
> From: Brian Dailey < support at dailytechnology.net
> <mailto:support at dailytechnology.net>>
> To: NYPHP Talk <talk at lists.nyphp.org <mailto:talk at lists.nyphp.org>>
> Sent: Thursday, December 14, 2006 11:49:22 AM
> Subject: Re: [nycphp-talk] session variables "evil"?
>
> I've been writing PHP for years now, and this is the first time I've
> been aware of anyone complaining about oddities with $_SESSION
> (granted,
> I use it for little else than tracking user information). What
> sort of
> "oddities" have you seen?
>
> - Brian
>
> Allen Shaw wrote:
> > Paul Houle wrote:
> >> most applications that use session variables are "broken by
> design".
> >>
> >
> > Really? That's a surprising assertion, though I'll agree my
> surprise
> > probably comes more from my own lack of insight than a flaw in your
> > argument. Of course a quick google shows a few people hold that
> session
> > vars are "evil," but I can't find much to back up the idea.
> >
> > Can you elaborate, or give us a few links on the topic?
> >
> > (BTW, Paul, I'm sure you're not speaking without experience,
> just want
> > to clarify my own understanding a little more.)
> >
> > - Allen
> >
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com <http://www.nyphpcon.com/>
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
> <http://www.nyphp.org/show_participation.php>
>
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com <http://www.nyphpcon.com>
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
> <http://www.nyphp.org/show_participation.php>
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>New York PHP Community Talk Mailing List
>http://lists.nyphp.org/mailman/listinfo/talk
>
>NYPHPCon 2006 Presentations Online
>http://www.nyphpcon.com
>
>Show Your Participation in New York PHP
>http://www.nyphp.org/show_participation.php
>
More information about the talk
mailing list