Write For Us
php
session
cakephp
e-notices

Undefined variable: $_SESSION

Viewed   764 times

I'm getting E_NOTICE errors in a core CakePHP file when it tries to reference a never-set or unset session (cake/libs/cake_session.php line 372):

function read($name = null) {
    if (is_null($name)) {
        return $this->__returnSessionVars();
    }
    if (empty($name)) {
        return false;
    }
    $result = Set::classicExtract($_SESSION, $name);
}

I've done a search through my code (in the app/ directory) and I can't find references to $_SESSION or session_destroy. Am I missing anything?

This error shows up when I try to run any unit tests. Is this...normal? I've cleared out the cake/ directory and replaced it with another one (same version) just to make sure that I hadn't inadvertently modified anything in the core files, but I still get the same error. I'm not sure if this is just a flaw in the framework or something else.

EDIT

Here are the results of the test run on the command line:

Welcome to CakePHP v1.3.11 Console
---------------------------------------------------------------
App : app
Path: /var/www/program/app
---------------------------------------------------------------
CakePHP Test Shell
---------------------------------------------------------------
Running app case models/owners_equity
E_NOTICE: Undefined variable: _SESSION in /var/www/program/cake/libs/cake_session.php on line 372
E_NOTICE: Undefined variable: _SESSION in /var/www/program/cake/libs/cake_session.php on line 372
ERROR->Unexpected PHP error [Undefined variable: _SESSION] severity [E_NOTICE] in [/var/www/program/cake/libs/cake_session.php line 372]
    in testGenerateOwnerWithdrawals
    in BalanceTestCase
    in /var/www/program/app/tests/cases/models/owners_equity.test.php

ERROR->Unexpected PHP error [Undefined variable: _SESSION] severity [E_NOTICE] in [/var/www/program/cake/libs/cake_session.php line 372]
    in testGenerateOwnerWithdrawals
    in BalanceTestCase
    in /var/www/program/app/tests/cases/models/owners_equity.test.php

 Answers

2

Turned out there was some extra code in the AppModel that was messing things up:

in beforeFind and afterFind:

App::Import("Session");
$session = new CakeSession();
$sim_id = $session->read("Simulation.id");

I don't know why, but that was what the problem was. Removing those lines fixed the issue I was having.

Wednesday, December 14, 2022
 
tevelikristof-2ec31a292029
 
tevelikristof-2ec31a292029
2

Notice: Undefined variable

From the vast wisdom of the PHP Manual:

Relying on the default value of an uninitialized variable is problematic in the case of including one file into another which uses the same variable name. It is also a major security risk with register_globals turned on. E_NOTICE level error is issued in case of working with uninitialized variables, however not in the case of appending elements to the uninitialized array. isset() language construct can be used to detect if a variable has been already initialized. Additionally and more ideal is the solution of empty() since it does not generate a warning or error message if the variable is not initialized.

From PHP documentation:

No warning is generated if the variable does not exist. That means empty() is essentially the concise equivalent to !isset($var) || $var == false.

This means that you could use only empty() to determine if the variable is set, and in addition it checks the variable against the following, 0, 0.0, "", "0", null, false or [].

Example:

$o = [];
@$var = ["",0,null,1,2,3,$foo,$o['myIndex']];
array_walk($var, function($v) {
    echo (!isset($v) || $v == false) ? 'true ' : 'false';
    echo ' ' . (empty($v) ? 'true' : 'false');
    echo "n";
});

Test the above snippet in the 3v4l.org online PHP editor

Although PHP does not require a variable declaration, it does recommend it in order to avoid some security vulnerabilities or bugs where one would forget to give a value to a variable that will be used later in the script. What PHP does in the case of undeclared variables is issue a very low level error, E_NOTICE, one that is not even reported by default, but the Manual advises to allow during development.

Ways to deal with the issue:

  1. Recommended: Declare your variables, for example when you try to append a string to an undefined variable. Or use isset() / !empty() to check if they are declared before referencing them, as in:

    //Initializing variable
$value = ""; //Initialization value; Examples
             //"" When you want to append stuff later
             //0  When you want to add numbers later
//isset()
$value = isset($_POST['value']) ? $_POST['value'] : '';
//empty()
$value = !empty($_POST['value']) ? $_POST['value'] : '';

    This has become much cleaner as of PHP 7.0, now you can use the null coalesce operator:

    // Null coalesce operator - No need to explicitly initialize the variable.
$value = $_POST['value'] ?? '';

  2. Set a custom error handler for E_NOTICE and redirect the messages away from the standard output (maybe to a log file): 

    set_error_handler('myHandlerForMinorErrors', E_NOTICE | E_STRICT)

  3. Disable E_NOTICE from reporting. A quick way to exclude just E_NOTICE is:

    error_reporting( error_reporting() & ~E_NOTICE )

  4. Suppress the error with the @ operator.

Note: It's strongly recommended to implement just point 1.

Notice: Undefined index / Undefined offset

This notice appears when you (or PHP) try to access an undefined index of an array.

Ways to deal with the issue:

  1. Check if the index exists before you access it. For this you can use isset() or array_key_exists():

    //isset()
$value = isset($array['my_index']) ? $array['my_index'] : '';
//array_key_exists()
$value = array_key_exists('my_index', $array) ? $array['my_index'] : '';

  2. The language construct list() may generate this when it attempts to access an array index that does not exist:

    list($a, $b) = array(0 => 'a');
//or
list($one, $two) = explode(',', 'test string');

Two variables are used to access two array elements, however there is only one array element, index 0, so this will generate:

Notice: Undefined offset: 1

$_POST / $_GET / $_SESSION variable

The notices above appear often when working with $_POST, $_GET or $_SESSION. For $_POST and $_GET you just have to check if the index exists or not before you use them. For $_SESSION you have to make sure you have the session started with session_start() and that the index also exists.

Also note that all 3 variables are superglobals and are uppercase.

Related:

  • Notice: Undefined variable
  • Notice: Undefined Index
Wednesday, September 28, 2022
 
matthy-61c08b9039b2
 
matthy-61c08b9039b2
3

There's nothing special whatsoever about POST requests and sessions.
You just need to call session_start at the top of every file request you want to use sessions in, that's it.

Try again with that in mind, it ought to work.

Friday, December 23, 2022
 
priyanshu_jha
 
priyanshu_jha
4

CakePHPs PHP session defaults (like all built-in defaults) do change the name of the cookie / the name of the session (session.name INI setting) to CAKEPHP:

https://github.com/cakephp/cakephp/blob/3.5.3/src/Network/Session.php#L133-L138

So you either have to change that to match the defaults used by your vanilla PHP app (which is most probably PHPSESSID, ie the PHP default):

'Session' => [
    'defaults' => 'php',
    'cookie' => session_name(), // would use the PHP default
],
// ...

or change the latter app to use the name configured for your CakePHP application:

session_name('CAKEPHP');
session_start();
// ...

Also make sure that the session.cookie_path and session.cookie_domain configuration covers both of your applications locations.

See also

  • Cookbook > Sessions > Session Configuration
  • Cookbook > Sessions > Setting ini directives
Tuesday, December 20, 2022
 
frank
 
frank
3

In PHP version 5.4.19 - developers closed the ability to set session.auto_start option from user script.

CakePHP removed this option from default session configuration only in 2.4.0 version.

So you have 3 main option: upgrade CakePHP, downgrade PHP, or use standard php session.

Tuesday, December 20, 2022
 
thebonsai
 
thebonsai
Only authorized users can answer the search term. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :
php
session
cakephp
e-notices
 
Share
Related Answers
246
 “Notice: Undefined variable”, “Notice: Undefined index”, and “Notice: Undefined offset” using PHP
98
 Undefined variable: _SESSION when sending variables via post through JavaScript trigger
109
 codeigniter setting session variable with a variable not working
89
 Undefined variable: position
67
 session variable vs normal variable?
409
 Why I get “Undefined variable” in Laravel view?
468
 Undefined property: CI::$session
50
 Is it possible to unset a session variable with a specific and variable index?
71
 Undefined variable when declaring with concatenation
62
 php undefined variable, doesnt get unset
Top Answers Related To

php,session,cakephp,e-notices

158
 PHP session seemingly not working
62
 How to continue a CakePHP 3 session in a regular PHP script?
175
 Destroy a PHP session on clicking a link
69
 Has anyone created a PHP Session-like class in user code (not native)?
523
 PHP session not saved after curl call
52
 PHP Session: How to Edit Other user's Session / Editting Session file
95
 cakephp3 session deprecated
44
 Find out if a session with a particular id has expired
230
 PHP session destroy Trying to destroy uninitialized session
96
 CakePHP keeps logging me out
Write For Us · Blog · Privacy · Faqs · Terms of Use · Contact us ·