session_register("c");
unset($c);
$c = time();
If a user unsets a global session variable, it is not a reference
to a $_SESSION slot anymore.
During serialization, PHP 4.2 will not find the respective entry in
$_SESSION and fall back to the global sym table.
completely in PS(http_session_vars). This avoids bugs which are caused
by a lack of synchronization between the two hashes. We also don't need
to worry about prioritizing one of them.
Add session.bug_compat_42 and session.bug_compat_warn which are enabled
by default. The logic behind bug_compat_42:
IF bug_compat_42 is on, and
IF register_globals is off, and
IF any value of $_SESSION["key"] is NULL, and
IF there is a global variable $key, then
$_SESSION["key"] is set to $key.
The extension emits this warning once per script, unless told otherwise.
"Your script possibly relies on a session side-effect which existed until
PHP 4.2.3. Please be advised that the session extension does not consider
global variables as a source of data, unless register_globals is enabled.
You can disable this functionality and this warning by setting
session.bug_compat_42 or session.bug_compat_warn.
The bug causes the kernel not to return -1/EAGAIN. The new test case
has been borrowed from the Linux Test Project.
This also fixes a bug which apparently caused HAVE_PREAD/WRITE to be
defined even if the more complex checks failed (ac_cv_func_NAME=no
was set albeit with no difference).
on the state of $_SESSION/$HTTP_SESSION_VARS. It does not look up
symbols in the global symbol table anymore.
This was achieved by actually planting references between every
$_SESSION["x"] and $x, not only when restoring a session, but also
when registering a session variable (in a register_globals=1 context).
Upon registering a new variable, this memory leak continues to show
up, regardless of register_globals.
ext/session/session.c(272) : Freeing 0x0818F01C (12 bytes), script=test
Obviously, the newly allocated empty zval is not properly freed. If anyone
has any idea on how to fix that, please step forward.
The old checks supposed that pread/pwrite worked, if a declaration was
found in <unistd.h>. We now actually check whether they work successfully
before using them.
Default directory for session data (if not specified) is same (platform-specific) directory used for temporary files.
This is backwards compatible and removes the need for explicitly specifying the session.save_path on Win32.
are simply appended instead of traversing the hash table on each
URL/form.
also fix an unconditional segfault in rshutdown due to efree'ing
a static char *.
remove remove_var, add reset_vars. move the function declarations
into the right header file.
@ and remove variables from the URL-Rewriter. (thies)
i have also modified the session module to use this - so it doesn't
need to fiddle with the output-system any more
the fd.
Also rip out the broken O_EXCL use. Our file names are not unique and
this left a small window open where creating a session file would fail
(a, b notice that the file does not exist; a creates the file successfully;
b tries to create, but fails due to O_EXCL).
of the session ID string. Default PS_MOD() macro sets this to be the default
creation routine. PS_MOD_SID() macro sets this to a handlers session ID
creation routine.
was contained in get/post variables" (which I still am not convinced
of completely), we need a separate variable which determines whether
to define SID in the event that a cookie was not sent.
Noticed by: Matt Allen
