Session Scripting ...bug_compat_warning

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
cle
Forum Newbie
Posts: 16
Joined: Thu Jun 19, 2003 1:43 pm

Session Scripting ...bug_compat_warning

Post by cle »

Hi. I'm relatively new to PHP scripting. Actually, webscripting in general, I'm new. In particular, I'm trying to figure out what I can do differently for an error that I'm getting.

<<--
Warning: Unknown(): Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0
-->>

I think disabling certain functionality is taking the easy way out of things. Can anyone possibly provide some insight on how I could do things correctly? I think th message is clear enough.
User avatar
nielsene
DevNet Resident
Posts: 1834
Joined: Fri Aug 16, 2002 8:57 am
Location: Watertown, MA

Post by nielsene »

Check out viewtopic.php?t=511 sticky in the PHP - Normal forum.
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

This topic has been moved to PHP - Normal as it does not belong in Advanced. Please be sure to carefully read forum descriptions before posting within them.

Mac
cle
Forum Newbie
Posts: 16
Joined: Thu Jun 19, 2003 1:43 pm

Post by cle »

After further reviewing Mac's suggestions, I realized I may have left out a few details. I've tried googling this particular phrase, "session.bug_compat" and variations thereof. The results were disappointing. I was lead to thread about _POST and _GET methods, that which I've figured out how to successfully use OUTSIDE of sessions. I've review the manual regarding sessions but nothing specific to this error. It simply tells me to turn it off the bug, which doesn't answer my question. I tested my code and seemingly it works, but the error message <span style='color:blue' title='I'm naughty, are you naughty?'>smurf</span> me off and I wanted to know what I was doing wrong. Again, I'm relatively new to webscripting when dealing with sessions.

So yeah. Thanks in advance for any advice and effort.
User avatar
nielsene
DevNet Resident
Posts: 1834
Joined: Fri Aug 16, 2002 8:57 am
Location: Watertown, MA

Post by nielsene »

Two questions:
1) Is register_globals set to off on your install?
2) Are you pulling session data out of $_SESSION ?
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

do you assing a possibly not existent variable (e.g. a form value that might not be set) or do you use session_register() on a variable previously set to global scope?
In case of doubt please post the relevant code snippets of your script ;)

edit: points in the same direction as nielsene's last post...
cle
Forum Newbie
Posts: 16
Joined: Thu Jun 19, 2003 1:43 pm

Post by cle »

nielsene wrote:Two questions:
1) Is register_globals set to off on your install?
2) Are you pulling session data out of $_SESSION ?
1) Hm...well, by default register_globals is off. I turned it on when I first installed it because it made coding easier. Though, after reading about the pitfalls, I turned it off and had to recode tons, specifically form variables...i.e., $var would now be rewritten as $_(POST||GET)['var']; depending on respective form methods.

2) Pulling session data: Yes, in order to authenticate users, I'm querying a MySQL db based on username and password form inputs. Upon authentication, I session_register() a boolean $logged_in. This process occurs in a "global.php" file that is required() by my "application.php" file. The $logged_in variable stays alive throughout the session and then gets destroyed when user logs out. The logging in process seems to work thus far.

Oh, this warning message ONLY pops up when I open up a new instance of the UA, specifically IE (no chance to test with other UA's yet), and try logging in. Any attempts at logging in and out of the system within that specific instance of the UA thereafter won't show this warning message. I think this might be key? This is the only outstanding tidbit of information that stands out in my head. Though, I thought perhaps the warning itself wouldn't be so unique. I've found no information about the warning so far. I just see people "turning off the warning message", which isn't a longterm solution to solving such a problem.

Regarding snippets, there's a lot of code and I wouldn't know exactly what to post because I'm not sure what the warning truly means...I haven't a clue what data I might be trying to pull that's forcing this warning so I wouldn't know where to begin posting. Sorry. Still trying to sort this out logically.
Last edited by cle on Thu Jun 19, 2003 7:46 pm, edited 1 time in total.
cle
Forum Newbie
Posts: 16
Joined: Thu Jun 19, 2003 1:43 pm

Post by cle »

I also wanted to note: I have no prior experience in session coding previous versions to PHP 4.3.0. So in the warning

<<--
Your script possibly relies on a session side-effect which existed until PHP 4.2.3
-->>

makes absolutely no sense to me. Just trying to understand what the warning is talking about. I tried reviewing the "Changes" made to PHP 4.2.x to get 4.3.2 (http://www.php.net/ChangeLog-4.php) but I don't see any relevant changes :( Could just be my ignorance. Thanks in advance for the advice and efforts.
User avatar
nielsene
DevNet Resident
Posts: 1834
Joined: Fri Aug 16, 2002 8:57 am
Location: Watertown, MA

Post by nielsene »

cle wrote: 2) Pulling session data: Yes, in order to authenticate users, I'm querying a MySQL db based on username and password form inputs. Upon authentication, I session_register() a boolean $logged_in. This process occurs in a "global.php" file that is required() by my "application.php" file. The $logged_in variable stays alive throughout the session and then gets destroyed when user logs out. The logging in process seems to work thus far.
Are you doing $logged_in = $_SESSION["logged_in"] ? after your session_start()?

Session variables are just like GET/POST variables and need to be pulled from the superglobal array.
cle
Forum Newbie
Posts: 16
Joined: Thu Jun 19, 2003 1:43 pm

Post by cle »

nielsene wrote:
Are you doing $logged_in = $_SESSION["logged_in"] ? after your session_start()?

Session variables are just like GET/POST variables and need to be pulled from the superglobal array.
Let's see if this makes any sense. Two files, global.php, application.php:

Code: Select all

//global.php

//the following two are from sign-on form.
$username;
$password;

$result = authenticate with mysql db;

if($result){
$logged_in = true;
start session;
session_register($logged_in);
}

else $logged_in = false;

//EOF

//------------------------------------------------------------//

//application.php

require("global.php");

if(isset($_SESSION['logged_in'])) $logged_in = $_SESSION['logged_in'];

if($logged_in) {
do application stuff
}
else {
print "can't log in...etc...";
end session and destroy vars;
}
//EOF
This is essentially the gist of it. Here, I didn't include the logout/signoff code in the global...but that's pretty much it...? again, i see the logics a bit messy, but i'm still trying to understand this session stuff. thanks in advance.
User avatar
nielsene
DevNet Resident
Posts: 1834
Joined: Fri Aug 16, 2002 8:57 am
Location: Watertown, MA

Post by nielsene »

Are $username and $password filled useing $_POST/$_GET?

It seems like we're not connecting here... I feel like you aren't answering the questions I ask. I bet you feel like I'm not being helpful...

Please tell us
1. register_globals is set to on or off in your php.ini file (You say its been on and off, what is the current status)
2. please show the exact code you use for authenticating with mysql db, using the username/password variables.

I'm almost postive that the error involves both of those aspects, but I can't say for 100% baed on what you've shown.
cle
Forum Newbie
Posts: 16
Joined: Thu Jun 19, 2003 1:43 pm

Post by cle »

AH!!!!!!!!!!! I got it. I know exactly what I was doing wrong now. After review the manual further and carefully reading one particular line of instructions that I previously overlooked, I've figured out why I was getting the error.

When register_globals is OFF, you CANNOT use session_register() and session_unregister(). Simply just doesn't work correctly. And that's why I was getting my warning messages. In order to set any session variables, one must do" $_SESSION['var'] = "abc";...etc...likewise, when calling the variable, must use $_SESSION['var'].

So yeah. I'd like to thank everyone for their efforts. I know I wasn't very helpful with my information but irregardless of the past, the problem has been solved.

Best Regards!
Post Reply