Maybe I am too tired... but I can't figure out how the session id in this piece of code becomes 143 from 149.
echo "session id is".$_SESSION['userid'];
$smarty->assign('itemresults',$arr2);
$_SESSION['userid']
if (isset($_REQUEST['id']))
{
$userid=$_REQUEST['id'];
}
else
{
echo "session id 1 is".$_SESSION['userid'];
$userid=$_SESSION['userid'];
}
echo "session id 2 is".$_SESSION['userid'];
Output:
session id is149session id 2 value is143
UPDATE:
Ok just found out that If I change the var $userid the issue is no more but why assigning a value to $userid will modify $_SESSION['userid'] as well ??
The below code works:
if (isset($_REQUEST['id']))
{
$userid2=$_REQUEST['id'];
}
else
{
echo "session id 1 value".$_SESSION['userid'];
$userid2=$_SESSION['userid'];
}
you have register_globals turned on, which is a potential security hole (very easy to fall into as you've noticed), and a dead end (it's gone from 5.4).
http://www.php.net/manual/en/ini.core.php#ini.register-globals:
Whether or not to register the EGPCS (Environment, GET, POST, Cookie, Server) variables as global variables.
As of PHP 4.2.0, this directive defaults to off.
Please read the security chapter on Using register_globals for related information.
Warning
This feature has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0.
Do you have made $userid a reference to the session value, maybe? I can more or less reproduce it like this:
<?php
session_start();
// Put 10 in the session
$_SESSION['userid'] = 10;
// Get a reference to that session variable (note the `&`)
$userid = &$_SESSION['userid'];
// Increment
$userid++;
echo $_SESSION['userid']; // 11