• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 466
  • Last Modified:

Session Problems w/PHP5

I am getting the following error with my script using PHP5, tried looking at the manual on php.net but can't seem to figure out what is wrong here. I can't turn off the message in php.ini because I don't have access to it. Please help.

Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0

Here is my script:

define('CAPTCHA_PATH', $_SERVER['DOCUMENT_ROOT'].'/www/vPod/system/classes/captcha/'); // Path to captcha
include_once(dirname (_FILE__).'/system/templates/js-inc/layer_forms.js');
include_once(dirname (_FILE__).'/system/pear/Validate.php');
include_once(dirname (_FILE__).'/system/classes/TextManipulation/FormFilter.php');
include_once(dirname (_FILE__).'/system/classes/Validators/ValidateUser.php');
include_once(dirname (_FILE__).'/system/classes/Validators/ValidatePassword.php');
include_once(dirname (_FILE__).'/system/classes/Validators/ValidateEmail.php');
include_once(dirname (_FILE__).'/system/classes/Validators/ValidateCaptcha.php');

$smarty->assign('php_host', $_SERVER['HTTP_HOST']);
$smarty->assign('php_self', $_SERVER['PHP_SELF']);

// securely declare variables
$errors = array();

/* start processing registration */

if(isset($_POST["regeng"]) ) {
$formFilter = &new FormFilter();

$errors = array();

// check form security
$captcha = captcha_validate();

  // Collection of validators
  $validators = array();
  $validators[] = new ValidateUser($_SESSION['_login_handle']);
  $validators[] = new ValidatePassword(array(
      $_REQUEST['password'], $_REQUEST['password_confirm']));
  $validators[] = new ValidateEmail($_SESSION['_emaila']);
  $validators[] = new ValidateCaptcha($captcha);

    // Iterate over the validators, validating as we go
    foreach($validators as $validator) {
        if (!$validator->isValid()) {
            while ( $error = $validator->fetch() ) {

// display errors

if ( isset($errors) && count($errors) > 0 ) {
$smarty->assign('errors', $errors);

} else {

echo "register user";

} else {



  • 4
  • 3
1 Solution
few things to try:

1. search ALL your other files.  do you make ANY calls to session_ functions in them?
2. maybe don't pass $_SESSION variables direct to the validators.  they're in $_REQUEST, so try that, or try intermediaries.  Don't think it's an issue, but.
3. maybe don't direct-assign from $_REQUEST to $_SESSION.  Put them into temp array or variables, then put into the session.
4. don't even bother sessing $_SESSION stuff until after you've run your validation (just a thought, not really an issue here.).

Oh, and it could be on of the classes/includes trying to use older session management functions behind your back that is the actual issue...  you could remove all use yourself of $_SESSION in this script, and see if that eliminates the error -- if not, sessions are being 'talked to' in some other file...

savetheorcasAuthor Commented:
Very frustrating to say the least. Can you verify for me that I am in fact assigning these variables to sessions in the correct way?

I've even changed from $_REQUEST to $_POST, still get the error. I even removed the entire block where I assign the variables to sessions and I still get the error. There are calls to session_start(); in other files which are included, I haven't tried removing these yet.

Perhaps if you could explain to me the correct way to use sessions with php5, the php docs don't seem to explain this clearly. It's very confusing.

Cloud Class® Course: Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

savetheorcasAuthor Commented:
The only other file which is included in the script I posted here that calls to a session is captcha.php, here are the calls:

      $length = strlen($_SESSION['captcha']);

Could this be the problem?
have you looked for other "session_" functions?  There are 'old' techniques for setting session variables using functions instead of the superglobal.

no, your code looks fine to me by eye.

also, so far as I know calling session_start multiple times will generate an E_NOTICE level error but otherwise isn't a problem.

I would try commenting out files until you find one causing the error to come up, and trace down from there.  I've never seen this error myself, so I'm just trying to help you brainstorm how to locate the particular chunk of code that is causing the runtime to throw that error.

btw, changing from REQUEST to POST wouldn't have made a difference, as they are both superglobals.  Again, I'm not sure the exact context of the error, but it is possible that an assignment into the $_SESSION variable, or passing $_SESSION[something] into a function that maybe expects a by-reference parameter, could be causing the issue.

If you can hunt down the code causing the error, I can probably be of more use. ;)

If the script is working, and you just need to silence the error, I think you can set error reporting levels at runtime using ini_set. PHP help file shows something like this:
ini_set('error_reporting', E_ERROR);



This should stop PHP from displaying warnings, but still show actual errors.
Yeah, I don't advise disabling WARNING level errors -- NOTICE level is a different matter.  And, in this case, a further upgrade or ini change could then completely break the script.

I'd still try to hunt down the issue.  If commenting out blocks doesn't seem to help, you could try using ini_set to turn off session.bug_compat_42 so that it should flag as an error not a warning (not sure that'll help find the issue or not).

Everything I'm reading about this bug would seem to indicate that it has to do with assigning a global variable into a session -- I'm not sure whether that means assigning from $_REQUEST/$_POST.  You could TRY moving all handling of the session into functions -- changing the scoping of the code.  

Again, does any of the code you are including use session functions other than _start?  like session_register?

savetheorcasAuthor Commented:
I'm not sure here, but the issue might be with my COPA script which is also calling a session_start(). I'm still playing around with things, but so so far (after starting from scratch) I have not seen the error return.

I'll keep this question open for a bit until I know for sure.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now