PHP session variables interchanged with local variables?

Question 1

I've encountered a very odd issue in regards to session variables and local variables in php.

I'm trying to figure out if I am not understanding something about sessions in php or if this is an issue with the php version my host is using.

Here is a very simple code to demonstrate the weird issue:

session_start();  
var_dump($kenny);  
var_dump($_SESSION['kenny']);  
$_SESSION['kenny']='def';  
var_dump($kenny);  
var_dump($_SESSION['kenny']);  
$kenny = 'abc';  
var_dump($kenny);  
var_dump($_SESSION['kenny']);

The first time I run the code, I get the following results (as one would expect):

NULL NULL NULL string(3) "def" string(3) "abc" string(3) "def"

I run it a second time (without closing my browser, of course), I get this now!

string(3) "def" string(3) "def" string(3) "def" string(3) "def" string(3) "abc" string(3) "abc"

I run it a 3rd, 4th, 5th time and so on, I get this!!!

string(3) "abc" string(3) "abc" string(3) "def" string(3) "def" string(3) "abc" string(3) "abc"

It looks to me like the session variable 'kenny' and local variable $kenny become aliases to one and the other after running the script more than once. hmm... I really don't think this is how session variables and local variables work in php. Please correct me if I'm missing something here.

My web host is running php 5.2.2. When I try this exact same code on other hosts running php 5.2.1, 5.2.14 and 5.3.1, they always give me what I expect:

1st time:

NULL NULL NULL string(3) "def" string(3) "abc" string(3) "def"

thereafter:

NULL string(3) "def" NULL string(3) "def" string(3) "abc" string(3) "def"

I checked the change log on php.net and didn't find anything that I can relate to that may address this issue. But like I mentioned, an earlier build (5.2.1) works ok, so that's very puzzling to me.

If anyone runs any other version of php 5.2.x, please give it a try and let me know if you see the same issue. Or if anyone has any insight into the issue, I'd really appreciate any feedback.

Thanks a million!

Question 2

This is probably because the register_globals directive is on. It doesn't say it on that page that $_SESSION variables are included, but it says here:

If register_globals is enabled, then the global variables and the $_SESSION entries will automatically reference the same values which were registered in the prior session instance. However, if the variable is registered by $_SESSION then the global variable is available since the next request.

Question 3

You should not use session_register function when you use $_SESSION superglobal array and you did not start your session. Try

/* Login page */
session_start();

$_SESSION['myusername'] = $_POST['myusername'];

header("location:page.php");

/* page.php */

session_start();

<?php echo $_SESSION[myusername]; ?>

Question 4

If you look closely to my answearin your previous question the very first thing mentioned (written in bold) was exactly this:

Maybe a session is started from a file that is included and this should not happen!

Vineet is correct and I will expand his right answear a bit more!

When you include the file child.php into the father.php you must think of the code found in child.php as being part of father.php One of the first things you do in a father.php script (like index.php) is a session start. You do not start a session in an included script because this might create some conflict as an other session could have been started already.

And if you have many files, (even worse if some of them are both included or executed directly cause of no single entry point) then how easy is to manage all this?!

You said this:

Thanks but the problem doesn't come from the structure of my site

Well this might not be entirely true! The thing is that writing old school code (no mvc, no single entry point, not really object oriented) has the benefit that has a very easy learning curve. HOWEVER while such code is easy to write the thing is that such code requires more skills to avoid errors!

On the other hand the object oriented aproach has more difficulty to get started cause there are more things to learn (objects, prototypes, interface, relatinships (belong-to, is part of) etc etc ) and requires a different behaviour. HOWEVER you definetely will benefit more!

A last thing! Well a well structred-site makes the session manage a thing of a few lines, writen only once at the very begining and that's it all.

I am glad that you are twoards solving you problem!

Question 5

because what i understand from it is, that it is going to create a new session.

No:

session_start() creates a session or resumes the current one based on a session identifier passed via a GET or POST request, or passed via a cookie.

http://php.net/session_start

Each new page you visit is an entirely new context for PHP. session_start allows you to reestablish a previous context/session/data.

PHP session variables interchanged with local variables?

Answers

php,session,variables,local