Changing PHP session variable when I reference it

Question

Changing PHP session variable when I reference it

when i store data in a variable like:

 // inside the login page
 $_SESSION['username'] = $username;
 $_SESSION['user_id'] = $user_id;

and I am referring to this SEASON on another page, for example:

// on the users homepage
$new_variable = $_SESSION['username'];

changes the value to something other than the database.

OR for example if I create a new variable named $ user_id

 // creating a new variable in the users inbox
 $user_id = 12312;

it also changes the SESSION value.

Does anyone know where I am going wrong?

Thank!

+2

php session

Stephen 27 oct. '09 at 1:07

source to share

2 answers

Disable register_globals in php.ini

+3

Cesar 27 oct. '09 at 1:12

source to share

David Snabel-Caunt · Accepted Answer · 2009-10-27T01:12:24+0000

Sounds like register_globals. This means that $ _SESSION and global variables will effectively work as the same thing. You should set register_globals to Off if you control the hosting, and if not, ask the host. Finally, you should probably move your hosting as it is very insecure and difficult to program securely.

You can demonstrate this problem with other global arrays, including $ _GET.

See http://php.net/manual/en/security.globals.php for details

Changing PHP session variable when I reference it

More articles: