Hello,

I discovered a bug in sessions:

when using unset($_SESSION[...]) instead of session_unregister(...) and
reading the $_SESSION[...] variable before the call, the variable WILL NOT be unset.

Please try these examples and see the result.

Here is how to reproduce this bug (you must have cookies enabled):
1. run script
2. reload page (you should see 2 $_SESSION arrays with the same value)
3. click on unset link
4. now you should see the first array filled with the test value and the second
should be empty - that's OK - but the variable test should be deleted from
the session
5. reload page
6. here is the BUG: I unset the session variable test, so it shouldn't exist,
but it exists.
---

7. comment out the line marked # fatal

and repeat the process from the beginning;
at step 6 both arrays will be empty!!!!

----------------cut here----------------------------------------------
<?php
session_start();
echo '<pre>';

print_r($_SESSION);

if (isset($_GET['submit'])) {
        $test = $_SESSION['test'];                      # fatal
        unset($_SESSION['test']);
} else {
        $_SESSION['test'] = 'this is test';
}
echo '<a href="'.$_SERVER['PHP_SELF'].'?submit=yes">unset</a><br>';
print_r($_SESSION);
echo '</pre>';
?>
----------------cut here----------------------------------------------


Replace unset($_SESSION['test']); with
session_unregister('test'); and repeat the process - here everything
will be OK.

http://www.php.net/manual/en/ref.session.php (see Example 3.)

Tested on PHP 4.2.1 (win, Debian).

Epilogue: using unset on the $_SESSION array is NOT safe.

Regards,
Michal Dvoracek
Capitol Internet Publisher, Korunovacni 6, 170 00 Prague 7, Czech Republic
tel.: ++420 2 3337 1117, fax:  ++420 2 3337 1112


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php