register_globals and get post cookie session data - PHP Server Side Scripting forum at WebmasterWorld - WebmasterWorld

Forum Moderators: coopster

Message Too Old, No Replies

register_globals and get post cookie session data

problem solved - just venting

ergophobe

11:56 pm on Jan 29, 2004 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

I finally solved a problem that has had me tearing my hair out for a couple of hours. Mostly I'm just venting, but perhaps this will be a useful cautionary tale for someone.

A script that was working fine on one server failed miserably on a second server. The biggest problem is that I was losing session data, but only some session data. It didn't make sense. I tried a bunch of stuff, not dice.

Finally I ran phpinfo() on both servers, saved the pages, and put them into a file compare utility. Pretty much the same. The original server had register_globals off and the new one had it on, but my script didn't depend on any globals....

except that my script depended in there not being any globals.
So let's say I had:

$_SESSION['var'] = "This is some text";
$var = "No text here";
echo $_SESSION['var'];

On the original server (register_globals off) that would output "This is some text" but on the new server "No text here".

Rather stupid and obvious in retrospect, but it took me a while to track it down. Now I know better!

Tom

coopster

12:10 am on Jan 30, 2004 (gmt 0)

WebmasterWorld Administrator

10+ Year Member

LOL! Laughing with you, of course, and not at you.

I tried a bunch of stuff, not dice.

I think that was the problem, you should have tried dice first.

jatar_k

12:32 am on Jan 30, 2004 (gmt 0)

WebmasterWorld Administrator

10+ Year Member

I have had some strange issues like that as well. Since we always code for a scenario has register_globals off it is easy to adopt habits that geared towards what we design in.

I once got seesion, post and get all beating each other up and had to give up for a day or so just to preserve my sanity. :)

ergophobe

3:00 am on Jan 30, 2004 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

Coopster - freudian slip indicating my feeling that dice might have solved it quicker.

coopster

1:46 pm on Jan 30, 2004 (gmt 0)

WebmasterWorld Administrator

10+ Year Member

ergophobe, you know how to make me LOL :)

...it is easy to adopt habits that geared towards what we design in.

That's good though, jatar_k. We design that way because we've done our homework and we know how it should be developed. And implemented. We also know how the configuration directives should be set. We know when to use security and how to do it.

That's the toughest part about contract web development in which the code will be hosted on a server in which you have little or no control. Not only do we have to code to standards for the user agent (UA), all-the-while having no control over the client-side interface, we also have to code to certain standards and specifications for the server-side, which could be a combination of various OS, security and servers, let alone various configurations and directives! I think this came up once before [webmasterworld.com] in a conversation with ergophobe.

It sure forces you to stay on top of your game...

ergophobe

1:44 am on Jan 31, 2004 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

They say once you hit 40 (which I have), you should do things like take a different route to work, brush your teeth with the non-dominant hand and other things to keep the mind from becoming stultified.

I think working with servers that have different (albeit insecure) configuations must qualify. Remember...

it's good for your health,
it's good for your health,
it's good for your health.

I've got to just keep telling myself that....

ergophobe, you know how to make me LOL :)

Someone has to look out for your mental health during those harsh Wisconsin winters.

Tom

bobnew32

11:45 pm on Feb 1, 2004 (gmt 0)

10+ Year Member

Yo I hear you when you say you have to vent. I did the same exact thing whilst creating my forum software. Whenever someone made a reply or a quote, they would change session user ids and become that person's identity. Pretty annoying after taking me forever to track it down!