Reputation: 2227
php session variables wierd behaviour
I am setting a session variable in PHP as follows:
$_SESSION['pass'] = $pass;
where $pass is some password, ie. "test4;" The session variable on the left side works fine, but I found to my surpise and concern that $pass on the right side also seems to be a session variable, that is, once set, I can echo $pass from any page and it seems to persist until I destroy the session.
What gives? How can I prevent this?
Thanks!
Upvotes: 0
Views: 80
Answers (2)
Reputation: 15476
Register globals is probably on - which is a huge security risk! Check to see if this is the case, and make sure it's off. Also, it's a deprecated method.
If register_globals is enabled, you can turn it off either by changing this setting in php.ini OR by placing this in a .htaccess file:
php_flag register_globals off
Upvotes: 4
Reputation: 1315
You are assigning the session and the $pass to be equal to each other. Try just using
if(!isset($_SESSION['pass']))
With whatever information you want to validate
Upvotes: -1