Session Scripting ...bug_compat_warning
Moderator: General Moderators
Session Scripting ...bug_compat_warning
Hi. I'm relatively new to PHP scripting. Actually, webscripting in general, I'm new. In particular, I'm trying to figure out what I can do differently for an error that I'm getting.
<<--
Warning: Unknown(): Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0
-->>
I think disabling certain functionality is taking the easy way out of things. Can anyone possibly provide some insight on how I could do things correctly? I think th message is clear enough.
<<--
Warning: Unknown(): Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0
-->>
I think disabling certain functionality is taking the easy way out of things. Can anyone possibly provide some insight on how I could do things correctly? I think th message is clear enough.
Check out viewtopic.php?t=511 sticky in the PHP - Normal forum.
- twigletmac
- Her Royal Site Adminness
- Posts: 5371
- Joined: Tue Apr 23, 2002 2:21 am
- Location: Essex, UK
After further reviewing Mac's suggestions, I realized I may have left out a few details. I've tried googling this particular phrase, "session.bug_compat" and variations thereof. The results were disappointing. I was lead to thread about _POST and _GET methods, that which I've figured out how to successfully use OUTSIDE of sessions. I've review the manual regarding sessions but nothing specific to this error. It simply tells me to turn it off the bug, which doesn't answer my question. I tested my code and seemingly it works, but the error message <span style='color:blue' title='I'm naughty, are you naughty?'>smurf</span> me off and I wanted to know what I was doing wrong. Again, I'm relatively new to webscripting when dealing with sessions.
So yeah. Thanks in advance for any advice and effort.
So yeah. Thanks in advance for any advice and effort.
do you assing a possibly not existent variable (e.g. a form value that might not be set) or do you use session_register() on a variable previously set to global scope?
In case of doubt please post the relevant code snippets of your script
edit: points in the same direction as nielsene's last post...
In case of doubt please post the relevant code snippets of your script
edit: points in the same direction as nielsene's last post...
1) Hm...well, by default register_globals is off. I turned it on when I first installed it because it made coding easier. Though, after reading about the pitfalls, I turned it off and had to recode tons, specifically form variables...i.e., $var would now be rewritten as $_(POST||GET)['var']; depending on respective form methods.nielsene wrote:Two questions:
1) Is register_globals set to off on your install?
2) Are you pulling session data out of $_SESSION ?
2) Pulling session data: Yes, in order to authenticate users, I'm querying a MySQL db based on username and password form inputs. Upon authentication, I session_register() a boolean $logged_in. This process occurs in a "global.php" file that is required() by my "application.php" file. The $logged_in variable stays alive throughout the session and then gets destroyed when user logs out. The logging in process seems to work thus far.
Oh, this warning message ONLY pops up when I open up a new instance of the UA, specifically IE (no chance to test with other UA's yet), and try logging in. Any attempts at logging in and out of the system within that specific instance of the UA thereafter won't show this warning message. I think this might be key? This is the only outstanding tidbit of information that stands out in my head. Though, I thought perhaps the warning itself wouldn't be so unique. I've found no information about the warning so far. I just see people "turning off the warning message", which isn't a longterm solution to solving such a problem.
Regarding snippets, there's a lot of code and I wouldn't know exactly what to post because I'm not sure what the warning truly means...I haven't a clue what data I might be trying to pull that's forcing this warning so I wouldn't know where to begin posting. Sorry. Still trying to sort this out logically.
Last edited by cle on Thu Jun 19, 2003 7:46 pm, edited 1 time in total.
I also wanted to note: I have no prior experience in session coding previous versions to PHP 4.3.0. So in the warning
<<--
Your script possibly relies on a session side-effect which existed until PHP 4.2.3
-->>
makes absolutely no sense to me. Just trying to understand what the warning is talking about. I tried reviewing the "Changes" made to PHP 4.2.x to get 4.3.2 (http://www.php.net/ChangeLog-4.php) but I don't see any relevant changes
Could just be my ignorance. Thanks in advance for the advice and efforts.
<<--
Your script possibly relies on a session side-effect which existed until PHP 4.2.3
-->>
makes absolutely no sense to me. Just trying to understand what the warning is talking about. I tried reviewing the "Changes" made to PHP 4.2.x to get 4.3.2 (http://www.php.net/ChangeLog-4.php) but I don't see any relevant changes
Are you doing $logged_in = $_SESSION["logged_in"] ? after your session_start()?cle wrote: 2) Pulling session data: Yes, in order to authenticate users, I'm querying a MySQL db based on username and password form inputs. Upon authentication, I session_register() a boolean $logged_in. This process occurs in a "global.php" file that is required() by my "application.php" file. The $logged_in variable stays alive throughout the session and then gets destroyed when user logs out. The logging in process seems to work thus far.
Session variables are just like GET/POST variables and need to be pulled from the superglobal array.
Let's see if this makes any sense. Two files, global.php, application.php:nielsene wrote:
Are you doing $logged_in = $_SESSION["logged_in"] ? after your session_start()?
Session variables are just like GET/POST variables and need to be pulled from the superglobal array.
Code: Select all
//global.php
//the following two are from sign-on form.
$username;
$password;
$result = authenticate with mysql db;
if($result){
$logged_in = true;
start session;
session_register($logged_in);
}
else $logged_in = false;
//EOF
//------------------------------------------------------------//
//application.php
require("global.php");
if(isset($_SESSION['logged_in'])) $logged_in = $_SESSION['logged_in'];
if($logged_in) {
do application stuff
}
else {
print "can't log in...etc...";
end session and destroy vars;
}
//EOFAre $username and $password filled useing $_POST/$_GET?
It seems like we're not connecting here... I feel like you aren't answering the questions I ask. I bet you feel like I'm not being helpful...
Please tell us
1. register_globals is set to on or off in your php.ini file (You say its been on and off, what is the current status)
2. please show the exact code you use for authenticating with mysql db, using the username/password variables.
I'm almost postive that the error involves both of those aspects, but I can't say for 100% baed on what you've shown.
It seems like we're not connecting here... I feel like you aren't answering the questions I ask. I bet you feel like I'm not being helpful...
Please tell us
1. register_globals is set to on or off in your php.ini file (You say its been on and off, what is the current status)
2. please show the exact code you use for authenticating with mysql db, using the username/password variables.
I'm almost postive that the error involves both of those aspects, but I can't say for 100% baed on what you've shown.
AH!!!!!!!!!!! I got it. I know exactly what I was doing wrong now. After review the manual further and carefully reading one particular line of instructions that I previously overlooked, I've figured out why I was getting the error.
When register_globals is OFF, you CANNOT use session_register() and session_unregister(). Simply just doesn't work correctly. And that's why I was getting my warning messages. In order to set any session variables, one must do" $_SESSION['var'] = "abc";...etc...likewise, when calling the variable, must use $_SESSION['var'].
So yeah. I'd like to thank everyone for their efforts. I know I wasn't very helpful with my information but irregardless of the past, the problem has been solved.
Best Regards!
When register_globals is OFF, you CANNOT use session_register() and session_unregister(). Simply just doesn't work correctly. And that's why I was getting my warning messages. In order to set any session variables, one must do" $_SESSION['var'] = "abc";...etc...likewise, when calling the variable, must use $_SESSION['var'].
So yeah. I'd like to thank everyone for their efforts. I know I wasn't very helpful with my information but irregardless of the past, the problem has been solved.
Best Regards!