Tilted Forum Project Discussion Community  

Go Back   Tilted Forum Project Discussion Community > Interests > Tilted Technology


 
 
LinkBack Thread Tools
Old 05-11-2005, 01:43 AM   #1 (permalink)
d*d
Addict
 
d*d's Avatar
 
PHP converting $_SESSION to $HTTP_SESSION_VARS

I had some scripts which used $_SESSION to register variables to a session, each page had session_start() at the top of the script and everything worked fine, however I now need to change them for php 4.0.6 and simply replacing $_SESSION with $HTTP_SESSION_VARS is not working
why????
d*d is offline  
Old 05-11-2005, 03:35 PM   #2 (permalink)
Once upon a time...
 
could it be a register_globals issue?
http://ie.php.net/session_register
__________________
--
Man Alone
=======
Abstainer: a weak person who yields to the temptation of denying himself a pleasure.
Ambrose Bierce, The Devil's Dictionary.
manalone is offline  
Old 06-01-2005, 06:48 AM   #3 (permalink)
Junkie
 
$HTTP_SESSION_VARS is not an auto-global, if I remember correctly. That means it is outside the scope of any function or method in your script. You could use register_globals, but that assumes your sysadmin will allow you to set PHP directives. If you can't do that, try putting this line in every function or method that refers to the session variables:

Code:
function my_func() {
global $HTTP_SESSION_VARS;
echo $HTTP_SESSION_VARS['some_var'];
}
SinisterMotives is offline  
Old 06-01-2005, 09:36 AM   #4 (permalink)
Addict
 
Yeah.
$HTTP_SESSION_VARS is deprecated and should only be used on old versions of php. (pre 4.06) So it seems you're going back in time here...

That and many others were changed when PHP grew up a little.
There were bad security holes and they changed the globals to correct it.
I had a similar problem with legacy code a few months back.
http://www.tfproject.org/tfp/showthr...&highlight=php
Quote:
Originally Posted by WillyPete
F#ckit! GRRRRRRRRRRR!

Note to people new to PHP and having to take care of older code:
You need to turn Register_globals in php.ini to 'on' for older coded variables to work.
Either that or the more secure way of rewriting the variable to meet secure standards of taking script variables in from the URL line. ( $_GET )
Following my advice, if you turn the on you will pretty much set the php security to pre v4 levels.

Here's what I ended up having to do. Using $_GET, instead of some basic variables.
($preset was just another variable that was used to pull stuff from the URL - queries were passed in the url.)

Compare this: (PHPv5)
PHP Code:
if ($preset)
    {if (
file_exists ($presetsdir.$preset.".preset"))
        {include (
$presetsdir.$preset.".preset");
        }
        else
        {
$t="no such preset";
        }
    } 
To this: (PHPv3)

PHP Code:
if(!isset($_GET['preset'])){$preset "";}
    else{
$preset $_GET['preset'];}
if (
$preset)
    {if (
file_exists ($presetsdir.$preset.".preset"))
        {include (
$presetsdir.$preset.".preset");}
        else
        {
$t="no such preset";}
    } 
Also, have a look at these:
http://us4.php.net/manual/en/functio...n-register.php
Quote:
If you are using $_SESSION (or $HTTP_SESSION_VARS), do not use session_register(), session_is_registered(), and session_unregister().
http://www.mcs.vuw.ac.nz/technical/s...ef.session.htm
Quote:
Note: As of PHP 4.1.0, $_SESSION is available as global variable just like $_POST, $_GET, $_REQUEST and so on. Not like $HTTP_SESSION_VARS, $_SESSION is always global. Therefore, global should not be used for $_SESSION.

If track_vars is enabled and register_globals is disabled, only members of the global associative array $HTTP_SESSION_VARS can be registered as session variables. The restored session variables will only be available in the array $HTTP_SESSION_VARS
http://www.alexking.org/blog/2003/10...p-superglobal/
Quote:
I’m using the $_SESSION superglobal in my multi-user tasks development instead of the older $HTTP_SESSION_VARS superglobal. To keep backward compatability, I was creating a $_SESSION variable if one didn’t already exist and just setting it to $HTTP_SESSION_VARS. This way, I could just always look for the $_SESSION variable and still be compatible with older versions of PHP.

If you are running a version of PHP that doesn’t have the $_SESSION variable, I need to declare the $_SESSION variable I created as a global variable within a function if I want to reference the data in the $_SESSION. If I declare the $_SESSION variable as global in a version of PHP that already has the $_SESSION variable, I break it.

One solution would be to write my own code for putting and retrieving data into sessions. I could wrap everything and talk to either the $_SESSION or $HTTP_SESSION_VARS as needed. I’d also have to do this for the $_REQUEST variable and others. This would be a lot of extra code. Actually, I bet I’ve already broken this somewhere. Turning on globals is not an option.

And finally, a page where someone actually writes a walkthrough of the same issue:
http://www.phpbuilder.com/tips/item....6&print_mode=1
WillyPete is offline  
 

Tags
$httpsessionvars, $session, converting, php


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -8. The time now is 04:41 PM.

Tilted Forum Project

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Search Engine Optimization by vBSEO 3.6.0 PL2
© 2002-2012 Tilted Forum Project

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360