View Full Version : Using unset on a SESSION variable always executes

02-19-2010, 08:32 AM
I am currently using this code:

function clear_session_variables($prefix) {
print("Check session vars<br />"); // This line executes correctly
if (strlen($prefix) <= 0) { return; }
foreach ($_SESSION as $key => $val) {
print("Check session var: " . $key . "<br />"); // This line executes correctly
if (substr($key,0,strlen($prefix)) != $prefix) { continue; }
print("Clearing session var: " . $key . "<br />"); // This line executes correctly
$_SESSION[$key] = "ASDF"; // PROBLEM LINE! // This ALWAYS executes

...which is only called sometimes, as follows:

if ($Name != "new") {
print("Clearing VARS!<br />"); // This executes correctly
clear_session_variables("EXT_"); // This ALWAYS executes
Note that for this particular problem, $Name is ALWAYS equal to "new".

However, even though no lines (like the "Check session vars" line) are ever printed, the PROBLEM LINE always executes. If I comment that line out, or add a break above it, it obviously does not execute (however it does tell me that this is the problem code).

Does anyone know why that line is executing even when the print lines above it are not?

PS: It is worth noting that ONLY the session variables prefixed with EXT_ are affected. Other session variables are not. It's like this function is being called by itself without printing the lines out. :S
PPS: It also does not execute if I comment out the call to clear_session_variables. However, the print line above this call never executes either!
PPPS: Also, if I change the line if ($Name != "new") { to if ("new" != "new") {, then that line does not execute... :S I have also tried: if (strcasecmp($Name,"new")) {.

Thanks in advance!

02-19-2010, 09:48 AM
How do you know it is executing: are you dumping the state of $_SESSION before and after the code? The nature of $_SESSION is that it is persistent, so if that code has ever fired and the value has not been reset elsewhere it will retain that value.

Try print_r($_SESSION); before and after the code and if it is genuinely the issue as you described it I will take a look, but I strongly suspect it is not....



PS just tested the code it appears to work as I would expect, supports my view above that you are getting confused by/about $_SESSION persistence

02-20-2010, 07:38 AM
I am already checking the _SESSION contents, and they result as such: before the call to clear_session_variables they are all correct (i.e. same values from the previous page), which is what I expected and desire. However, after that call, the session variables beginning with EXT_ are all set to "ASDF" whereas no other session variables are touched. And as stated, none of the print lines are executing.

Thanks for the information and suggestion, though.

Ok, I tried something totally crazy, and I'm even more stumped now. The call to clear_session_variables is somewhere on line 141 of my index.php. The function containing this call is called from line 258. The session is started on line 5.
Now here's the weird part:
Line 6 (after session start): $_SESSION['EXT_test'] == 'ASDF'
Line 139 (before call to clear_session_variables): $_SESSION['EXT_test'] == 'ASDF'
Line 143 (after said call): $_SESSION['EXT_test'] == 'ASDF'
Now, on line 259, after the page is finished, I set $_SESSION['EXT_test'] to "1".
Line 260: $_SESSION['EXT_test'] == '1'
Now, when I refresh the page, you'd think that on line 6, $_SESSION['EXT_test'] would be equal to '1', but it's not--I get exactly the same results as above. However, if I comment out the call to clear_session_variables, then on line 6, $_SESSION['EXT_test'] is == '1'.

So, it seems to me that the clear_session_variables call is being called before the session even starts, or between pages, or something... I just really honestly have no idea. It's equal to '1' after the page has loaded, but refresh and it's equal to 'ASDF' before loading. :\

Also, by line 6, the file containing the definition of the clear_session_variables function isn't even INCLUDED yet...

Err, okay. I fixed it. Apparently the $Name variable, which was $this->m_Base->m_PageName, was invalid (even though print($Name); appeared correct...). I instead used another variable, and for some reason, everything is now working properly. This seems like some kind of bug in PHP, where if a variable is nested in a class, the $_SESSION stuff in it seems to execute regardless of if it should or shouldn't. Will consider reporting this to the PHP developers...

02-20-2010, 05:42 PM
I would say it is very unlikely this is a PHP bug (though always possible ofc).

I think you might have hit the nail on the head when you said "between pages" - is it possible that another script is being run and redirecting, hence why you were not seeing the print statements and why the value appeared to already be set at the start of the page that is finally displayed in the browser?

Another possibility would be output buffering - if you are output buffering before the call to the function then clearing the output buffer after the call that would explain why none of the output from the prints is visible.

My money would be on a redirect as it sound slike this code is part of a larger app/framework?

If you are confident it is a bug then reduce it to a minimal test case and reproduce the bug, otherwise no-one will take you seriously.