[nycphp-talk] session variables "evil"?
Sean
sean712 at gmail.com
Fri Dec 15 11:58:46 EST 2006
Do you have register globals on?
On 12/15/06, LK <lk613m at yahoo.com> wrote:
>
> Just as I was reading this thread on sesion variables I was having a
> problem with my session variables getting changed on the fly seemingly for
> no reason. I've isolated this problem and condensed it to the bare minimum
> for you to see and comment upon:
>
> 1. Create a file x.php:
>
> <?php
> session_start();
> $_SESSION['x'] = "session variables are GOOD";
> ?>
>
> <html>
> <body>
> <a href="y.php">Go to y.php</a>
> </body>
> </html>
> 2. Create a file y.php
>
> <?php
> session_start();
>
> echo $_SESSION['x']."<br/>"; // outputs session variables are GOOD
>
> $x = "session variables are EVIL";
>
> echo $_SESSION['x']; // outputs session variables are EVIL
> ?>
> Point your browser to x.php and click on the link "Go to y.php" to invoke
> the y.php file.
>
> File x.php simply sets a session variable $_SESSION['x'].
>
> File y.php assigns an internal variable $x, and that all by itself blows
> away $_SESSION['x'].
>
> The _GET and _POST variables do not have this problem.
>
> It's an easy fix simply to use a different name instead of $x, but
> still... this is not a nice behaviour, if not an outright bug.
>
> - Leo.
>
>
>
> ----- Original Message ----
> From: Brian Dailey <support at dailytechnology.net>
> To: NYPHP Talk <talk at lists.nyphp.org>
> Sent: Thursday, December 14, 2006 11:49:22 AM
> Subject: Re: [nycphp-talk] session variables "evil"?
>
> I've been writing PHP for years now, and this is the first time I've
> been aware of anyone complaining about oddities with $_SESSION (granted,
> I use it for little else than tracking user information). What sort of
> "oddities" have you seen?
>
> - Brian
>
> Allen Shaw wrote:
> > Paul Houle wrote:
> >> most applications that use session variables are "broken by design".
> >>
> >
> > Really? That's a surprising assertion, though I'll agree my surprise
> > probably comes more from my own lack of insight than a flaw in your
> > argument. Of course a quick google shows a few people hold that session
> > vars are "evil," but I can't find much to back up the idea.
> >
> > Can you elaborate, or give us a few links on the topic?
> >
> > (BTW, Paul, I'm sure you're not speaking without experience, just want
> > to clarify my own understanding a little more.)
> >
> > - Allen
> >
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20061215/3f077f32/attachment.html>
More information about the talk
mailing list