CODEWITHSUNDEEP
phpsessionglobal-variablessession-variables
Zack Peterson
Zack Peterson

Reputation: 57353

PHP session side-effect warning with global variables as a source of data

I'm trying to host a PHP web site that was given to me. I see this warning:

Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0

What does this mean? How might I track down the source of this problem within the code?

Upvotes: 43

Views: 42727

Answers (5)

TARA
TARA

Reputation: 527

in my case, php.ini change from on to off

like this : 

session.bug_compat_42 = off
session.bug_compat_warn = off

if not working, restart apache

Upvotes: 1

Kzqai
Kzqai

Reputation: 23072

There seem to be a few problematic possibilities here:

http://www.spiration.co.uk/post/1231/Your-script-possibly-relies-on-a-session-side-effect

says that cases like this:

$_SESSION['firstname']=$_REQUEST['firstname'];

will trigger the warning.

Additionally, I interpret this php bug content: http://bugs.php.net/bug.php?id=41540 to mean that this error may also occur when you assign a variable to the session superglobal that is not yet initialized, e.g.

//Start of script
$_SESSION['bob'] = $bob;

Upvotes: 6

Ian
Ian

Reputation: 748

This is good information on finding out what's causing the warning, but I would recommend NOT shutting off the warnings Owen mentions. These runtime functions are removed in PHP 5.4.0 and the developer should get into the practice of avoiding such usage of variables.

To fix this, it may be a pain on the developers end, but if you have 

$_SESSION["user"]
$user;

rename the session to

$_SESSION["sessuser"];

Or vise-versa just as long as the session name and the variable name are different. Think of it this way: when you upgrade to the latest build, you'll have to debug your code anyhow.

Upvotes: 5

Praveen Kannan
Praveen Kannan

Reputation: 21

When you are making changes to the .htaccess ini_set does not work. You will need to do it as:

php_flag session.bug_compat_42 0
php_flag session.bug_compat_warn 0

Upvotes: 2

Owen
Owen

Reputation: 84513

basically you have a variable with the same name as your session. ex:

$_SESSION['var1'] = null;
$var1 = 'something';

which will reproduce this error. you can stop PHP from trying to find existing variables and warning you about them by adding these lines to your script:

ini_set('session.bug_compat_warn', 0);
ini_set('session.bug_compat_42', 0);

these values can be set in php.ini or .htaccess as well

Upvotes: 99

Related Questions