PHP removes session after mysql_connect

Question

error_reporting(E_ALL);
session_start();
var_dump($_SESSION['user']);
require 'config/database.php';    
var_dump($_SESSION['user']);

i have problem because i lose session after include databse.php file...

database.php

$user = "xxx";
$password = "xxx";
$database = "xxx";
$server = '98.x.x.126';

mysql_connect($server, $user, $password);
mysql_select_db($database);

PHP ver: 5.2.17, shared server. on my local server which is 5.3 and 5.4 is working perfectly.

Update: i don't lose the session totally just the user value is changed to database name?

Update2:

var_dump($_SESSION['user']);
$user = "denes_lucky";
var_dump($_SESSION['user']);
$password = "123456X3M";
var_dump($_SESSION['user']);
$database = "denes_lucky";
var_dump($_SESSION['user']);
$server = '98.130.0.126';
var_dump($_SESSION['user']);

mysql_connect($server, $user, $password);
var_dump($_SESSION['user']);
mysql_select_db($database);
var_dump($_SESSION['user']);

the problem is after $user = "xxx";

Answer 1

The issue is that you are running an outdated version of PHP and have the register_Globals setting turned on. register_globals was a feature in PHP which made session and request variables global variables. This means that $_SESSION['user'] and $user refer to the same variable.

The best solution is to turn of register_globals in your php.ini (or even update to a recent PHP version not having the feature)

A workaround is to rename one of those variables.

See also: http://php.net/register_globals and http://php.net/security.globals

Answer 2

Turn off register_globals in your php.ini or in .htaccess

When they are turned on - assigning $user = 'foo'; also modified the contents of $_SESSION['user'] variable.