$_SESSION problem

[brosjr]

Hi all,

 

I'm in trouble with a strange problem. At the system login a script sets a $_SESSION['status'], this keeps user status for admin (a), user (u), and so on...

 

In another part of the system I need to post a value also called 'status':

 

<input value="N" type="hidden" name="status"/>

 

and this 'status' value has nothing to do with 'status' session. The problem is that when I post the value 'N' it overwrite the session value, crashing the system then.

 

The most strange is that on the localhost the problem does not happen, it only occurs on the server.

 

Any clue?

 

Thankx 

Danilo Jr.

[PFMaBiSmAd]

Your web host has register_globals turned on.

 

If none of your existing scripts are dependent on this feature (overwriting session and program variables from same named post/get/cookie variables), then you should turn register_globals off ASAP because this is a security hole (being able to set session variables to anything you want) and a lot of web sites have been taken over.

 

If php is running as a CGI application on your web server, you should be able to turn this setting of in a local php.ini. If php is running as an Apache Module on your web server, you should be able to turn this setting off in a .htaccess file.

 

FYI: register_globals were turned off by default over 9 years ago in April of 2002.

[brosjr]

PFMaBiSmAd,

 

My server does not allow me to set such feature, but it makes sense once on my wamp localhost the register_globals is set as OFF.

 

I'll check and hope for this solution.

 

Thanks a lot! 

Danilo Jr.

[fugix]

if you use cpanel or something similar you should have a php.ini file in you home directory

[brosjr]

PFMaBiSmAd,

 

My server has set register_globals as OFF and now everything is working fine!

 

Thank you!

Danilo Jr.