timothyb89, posted June 20, 2008:

I've been confused about some errors that I've been getting lately, and I've finally found the cause. Apparently, variables stored in $_SESSION['xxx'] are being overwritten when you assign a value to $xxx. This is particularly annoying with local variables with names like $user, that are commonly used on the website. Is there any way to prevent this, or does anyone have a recommendation on ways of getting around this?

-Thanks!

papaface, posted June 20, 2008:

Turn off register globals.

PFMaBiSmAd, posted June 20, 2008:

Yes. You have discovered what was wrong with register_globals. Someone can also visit your site with ?xxx=myvalue on the end of the URL and set $_SESSION['xxx'] = myvalue.

Your host should not have register_globals turned on (this problem has been known since 2002 and register_globals have been turned off by default since then and they have been completely removed in php6.)

Either turn register_globals off if you can or rename your variables to have unique names.

timothyb89 (author), posted June 20, 2008:

I couldn't turn it off, but I found a function that unsets all of the registered variables, and everything is working perfectly. Thanks for the help!
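
One way to do what the last post describes, removing the variables that register_globals auto-registered, as an added example (not the function timothyb89 found and not code from this thread). The function name and the sample arrays are hypothetical and constructed, since current PHP versions no longer have the setting.

```php
<?php
// Added example. Function and variable names are hypothetical.

/**
 * Return the names of global variables that collide with a key in any of
 * the given input arrays (request data, session data). These are the
 * variables register_globals would have created or aliased.
 */
function registered_global_names(array $globalNames, array $sources)
{
    $protected = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST',
                       '_SERVER', '_ENV', '_FILES', '_SESSION');
    $globalNames = array_map('strval', $globalNames);
    $found = array();
    foreach ($sources as $source) {
        if (!is_array($source)) {
            continue; // e.g. no session has been started
        }
        foreach (array_keys($source) as $name) {
            $name = (string) $name;
            // Input that names a superglobal is an overwrite attempt: stop.
            if (in_array($name, $protected, true)) {
                throw new RuntimeException("Superglobal overwrite attempt: $name");
            }
            if (in_array($name, $globalNames, true)) {
                $found[$name] = true;
            }
        }
    }
    return array_keys($found);
}

// Constructed state: the page was requested as ?user=mallory while
// $_SESSION['user'] holds 'alice' and register_globals is on.
$fakeGet     = array('user' => 'mallory');
$fakeSession = array('user' => 'alice', 'cart' => array());
$fakeGlobals = array('user' => 'mallory', 'cart' => array(), 'dbHost' => 'localhost');

foreach (registered_global_names(array_keys($fakeGlobals),
                                 array($fakeGet, $fakeSession)) as $name) {
    unset($fakeGlobals[$name]);
}
print_r(array_keys($fakeGlobals)); // names not supplied by request or session

// On an affected host (assumption: run once, after session_start()):
//   if (ini_get('register_globals')) {
//       foreach (registered_global_names(array_keys($GLOBALS), array($_GET,
//                $_POST, $_COOKIE, $_SESSION)) as $name) { unset($GLOBALS[$name]); }
//   }
```

After the scrub, the script reads request and session values only through $_GET, $_POST, $_COOKIE and $_SESSION, so a local name such as $user no longer shares a name with input.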
This topic is now archived and is closed to further replies.