[nycphp-talk] session variables "evil"?
Allen Shaw
ashaw at polymerdb.org
Fri Dec 15 12:14:56 EST 2006
LK wrote:
> Just as I was reading this thread on sesion variables I was having a
> problem with my session variables getting changed on the fly seemingly
> for no reason. I've isolated this problem and condensed it to the bare
> minimum for you to see and comment upon:
> ...
>
> this is not a nice behaviour, if not an outright bug.
Hi Leo,
That looks like pretty odd behavior. What version of PHP is it?
This may be relevant, from the PHP manual
http://www.php.net/manual/en/ref.session.php :
session.bug_compat_42 boolean
PHP versions 4.2.3 and lower have an undocumented feature/bug that
allows you to initialize a session variable in the global scope, albeit
register_globals is disabled. PHP 4.3.0 and later will warn you, if this
feature is used, and if session.bug_compat_warn is also enabled. This
feature/bug can be disabled by disabling this directive.
session.bug_compat_warn boolean
PHP versions 4.2.3 and lower have an undocumented feature/bug that
allows you to initialize a session variable in the global scope, albeit
register_globals is disabled. PHP 4.3.0 and later will warn you, if this
feature is used by enabling both session.bug_compat_42 and
session.bug_compat_warn.
Looks like the PHP developers agree with you, at least half-admitting
that it's a bug.
--
Allen Shaw
Polymer (http://polymerdb.org)
slidePresenter (http://slides.sourceforge.net)
More information about the talk
mailing list