Posted by Richard Lynch on 05/12/05 04:48

On Wed, May 11, 2005 4:46 pm, Webmaster said:
> I have an application that occasionally drops a session array element
> value.
>
> $_SESSION['userData'] = $userData;
>
> this to happen? Has anyone else experienced this sort of occasional
> anomaly?

YES!

Granted, in my case, it was a short-lived buglet in PHP, and it was more
predictable because I was doing the same thing every time, but...

Basically, what was happening in MY case was this:

$foo = $_SESSION['foo'];

This was putting a "string reference" (which doesn't even exist as a data
type in PHP, but that's what it was in reality) into $foo.

Then, later, in other processing, I might do:

$foo = 'some other value than was was in $foo';

And, POOF! my value in $_SESSION['foo'] was altered!

Because $foo was a "string reference" being passed back from the PHP code
that pulled data out of $_SESSION.

I filed a bug report at http://bugs.php.net, and it's labeled as "fixed in
CVS"

Short term, I just stopped re-using $foo as a variable name.

It's entirely POSSIBLE that you have something similar going on.

One tell-tale was that doing a var_dump($_SESSION) or var_dump($foo) would
show something not un-like:

&(string X) "foo data"
where X is the string length, instead of just:
(string X) "foo data"

The tell-tale presence of & is what made me realize that I was somehow
getting a "string reference" and that was messing with my data when I
re-used variables.

The annoying thing was that this made scrubbing my $_SESSION data
difficult -- and I had people telling me that I should be copying stuff
out of $_SESSION, but on a shared server, I don't trust $_SESSION data!

So I want to copy it out to $foo, and do, say, a regex on it, and compare
the result to the original $_SESSION['foo'] and if they don't match, I
consider that data hacked/invalid, because I know it's supposed to be the
same before/after this Regex.

Yet, if the string is a reference, well, then, the Regex applied to the
reference was getting applied to the $_SESSION element...

Anyway, make a long story short, it was quite confusing and more than a
little annoying to be trying to scrub data that was always a reference and
kept changing out from under me when I used it.

This may NOT be what's happening to you... Or it might be another
manifestation of the same buglet.

--
Like Music?
http://l-i-e.com/artists.htm

• Next in forum: Re: [PHP] MySql injections (related question)
• Prev in forum: Re: [PHP] PHP 5.0. Save classes in a session. Need help now
• Thread view: Re: [PHP] Session Array using array_pop and array_unshift

[Reply to this message]