Your script possibly relies on a session side-effect

chris (2005-11-25 11:22:30)
21466 views
2 replies
This message is popping up on PHP-driven sites the world over.. The full warning looks like this:

Warning: Unknown(): Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0

This is occuring as a result of some security fixed which went into php with version 4.4. The intention is to prevent the direct transfer of global variables into the session array when register_globals is turned off. An example snippet of code which might cause this to happen is:

$_SESSION['firstname']=$_REQUEST['firstname'];
$_SESSION['lastname']=$_REQUEST['lastname'];
$_SESSION['position']=$_REQUEST['position'];
$_SESSION['email']=$_REQUEST['email'];
$_SESSION['landline']=$_REQUEST['landline'];			$_SESSION['phone']=$_REQUEST['phone'];								
$_SESSION['login']=$_REQUEST['login'];
$_SESSION['password']=$_REQUEST['password'];

The quickest way around this restriction (without turning on register_globals is to move the data over in two stages:

$firstname=$_REQUEST['firstname'];
$lastname=$_REQUEST['lastname'];
$position=$_REQUEST['position'];

and then

$_SESSION['firstname']=$firstname;
$_SESSION['lastname']=$lastname;
$_SESSION['position']=$position;

And there you have it.
Just cheat your way around and PHP is happy again... Crazy, huh?!

christo
comment
cell
2009-12-25 08:45:35

Occurrence in Joomla

I am getting this error in my Joomla based web site, skicow.com. I can't see any direct assignments to/from $_SESSION using the same key as the assigned variable, however, there are assignments such as the following in the Joomla code:

$session_id = mosGetParam( $_SESSION, 'session_id', '' );

Can anyone tell me if this will cause the errors?
reply icon
chris
2009-12-26 20:02:04


$session_id = mosGetParam( $_SESSION, 'session_id', '' );

Can anyone tell me if this will cause the errors?


It really depends on what happens within mosGetParam. Either way, you shouldn't have to pass $_SESSION into the function lik'e that, instead you can call global within tihe function to make $_SESSION available:

function mosGetParam($sessionid){
   global $_SESSION;

   // access $_SESSION
}

As for why you are getting errors within that function, you would have to post the code for folks to look at first..

reply icon