$_REQUEST
When accidently assigning a unset variable to $_SESSION, like
$_SESSION['foo'] = $bar
while $bar was not defined, I got the following error message:
"Warning: Unknown(): Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. "
The errormessage was quite unrelated and got me off-track. The real error was, $bar was not defined.
$_SESSION
$HTTP_SESSION_VARS [obsoleta]
(PHP 4 >= 4.1.0, PHP 5)
$_SESSION -- $HTTP_SESSION_VARS [obsoleta] — Variables de sesión
Descripción
Es un array asociativo que contiene variables de sesión disponibles para el script actual. Ver la documentación de Funciones de sesión para más información sobre su uso.
$HTTP_SESSION_VARS contiene la misma información inicial pero no es una superglobal. (Nótese que $HTTP_SESSION_VARS y $_SESSION son diferentes variables y PHP las trata de forma distinta)
Historial de cambios
| Versión | Descripción |
|---|---|
| 4.1.0 | Se introdujo $_SESSION y $HTTP_SESSION_VARS quedó absoleta. |
Notas
Nota:
Esta es una 'superglobal' o una variable automatic global. Significa simplemente que es una variable que está disponible en cualquier parte del script. No hace falta hacer global $variable; para acceder a la misma desde funciones o métodos.
add a note
User Contributed Notes
$_SESSION
pike-php at kw dot nl
07-Feb-2011 07:00
Dave
17-Nov-2009 03:05
If you deploy php code and cannot control whether register_globals is off, place this snippet in your code to prevent session injections:
<?php
if (isset($_REQUEST['_SESSION'])) die("Get lost Muppet!");
?>
charlese at cvs dot com dot au
04-Jul-2009 08:47
I was having troubles with session variables working in some environments and being seriously flaky in others. I was using $_SESSION as an array. It works properly when I used $_SESSION as pointers to arrays. As an example the following code works in some environments and not others.
<?php
//Trouble if I treate $form_convert and $_SESSION['form_convert'] as unrelated items
$form_convert=array();
if (isset($_SESSION['form_convert'])){
$form_convert=$_SESSION['form_convert'];
}
}
?>
The following works well.
<?php
if (isset($_SESSION['form_convert'])){
$form_convert = $_SESSION['form_convert'];
}else{
$form_convert = array();
$_SESSION['form_convert']=$form_convert;
}
?>
bohwaz
31-Aug-2008 04:43
Please note that if you have register_globals to On, global variables associated to $_SESSION variables are references, so this may lead to some weird situations.
<?php
session_start();
$_SESSION['test'] = 42;
$test = 43;
echo $_SESSION['test'];
?>
Load the page, OK it displays 42, reload the page... it displays 43.
The solution is to do this after each time you do a session_start() :
<?php
if (ini_get('register_globals'))
{
foreach ($_SESSION as $key=>$value)
{
if (isset($GLOBALS[$key]))
unset($GLOBALS[$key]);
}
}
?>
Steve Clay
17-Aug-2008 08:28
Unlike a real PHP array, $_SESSION keys at the root level must be valid variable names.
<?php
$_SESSION[1][1] = 'cake'; // fails
$_SESSION['v1'][1] = 'cake'; // works
?>
I imagine this is an internal limitation having to do with the legacy function session_register(), where the registered global var must similarly have a valid name.
jherry at netcourrier dot com
01-Aug-2008 06:16
You may have trouble if you use '|' in the key:
$_SESSION["foo|bar"] = "fuzzy";
This does not work for me. I think it's because the serialisation of session object is using this char so the server reset your session when it cannot read it.
To make it work I replaced '|' by '_'.