Session Problems w/PHP5

Posted on 2006-03-20
Last Modified: 2011-04-14
I am getting the following error with my script using PHP5, tried looking at the manual on but can't seem to figure out what is wrong here. I can't turn off the message in php.ini because I don't have access to it. Please help.

Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0

Here is my script:

define('CAPTCHA_PATH', $_SERVER['DOCUMENT_ROOT'].'/www/vPod/system/classes/captcha/'); // Path to captcha
include_once(dirname (_FILE__).'/system/templates/js-inc/layer_forms.js');
include_once(dirname (_FILE__).'/system/pear/Validate.php');
include_once(dirname (_FILE__).'/system/classes/TextManipulation/FormFilter.php');
include_once(dirname (_FILE__).'/system/classes/Validators/ValidateUser.php');
include_once(dirname (_FILE__).'/system/classes/Validators/ValidatePassword.php');
include_once(dirname (_FILE__).'/system/classes/Validators/ValidateEmail.php');
include_once(dirname (_FILE__).'/system/classes/Validators/ValidateCaptcha.php');

$smarty->assign('php_host', $_SERVER['HTTP_HOST']);
$smarty->assign('php_self', $_SERVER['PHP_SELF']);

// securely declare variables
$errors = array();

/* start processing registration */

if(isset($_POST["regeng"]) ) {
$formFilter = &new FormFilter();

$errors = array();

// check form security
$captcha = captcha_validate();

  // Collection of validators
  $validators = array();
  $validators[] = new ValidateUser($_SESSION['_login_handle']);
  $validators[] = new ValidatePassword(array(
      $_REQUEST['password'], $_REQUEST['password_confirm']));
  $validators[] = new ValidateEmail($_SESSION['_emaila']);
  $validators[] = new ValidateCaptcha($captcha);

    // Iterate over the validators, validating as we go
    foreach($validators as $validator) {
        if (!$validator->isValid()) {
            while ( $error = $validator->fetch() ) {

// display errors

if ( isset($errors) && count($errors) > 0 ) {
$smarty->assign('errors', $errors);

} else {

echo "register user";

} else {



Question by:savetheorcas
    LVL 17

    Accepted Solution

    few things to try:

    1. search ALL your other files.  do you make ANY calls to session_ functions in them?
    2. maybe don't pass $_SESSION variables direct to the validators.  they're in $_REQUEST, so try that, or try intermediaries.  Don't think it's an issue, but.
    3. maybe don't direct-assign from $_REQUEST to $_SESSION.  Put them into temp array or variables, then put into the session.
    4. don't even bother sessing $_SESSION stuff until after you've run your validation (just a thought, not really an issue here.).

    LVL 17

    Expert Comment

    Oh, and it could be on of the classes/includes trying to use older session management functions behind your back that is the actual issue...  you could remove all use yourself of $_SESSION in this script, and see if that eliminates the error -- if not, sessions are being 'talked to' in some other file...


    Author Comment

    Very frustrating to say the least. Can you verify for me that I am in fact assigning these variables to sessions in the correct way?

    I've even changed from $_REQUEST to $_POST, still get the error. I even removed the entire block where I assign the variables to sessions and I still get the error. There are calls to session_start(); in other files which are included, I haven't tried removing these yet.

    Perhaps if you could explain to me the correct way to use sessions with php5, the php docs don't seem to explain this clearly. It's very confusing.


    Author Comment

    The only other file which is included in the script I posted here that calls to a session is captcha.php, here are the calls:

          $length = strlen($_SESSION['captcha']);

    Could this be the problem?
    LVL 17

    Expert Comment

    have you looked for other "session_" functions?  There are 'old' techniques for setting session variables using functions instead of the superglobal.

    no, your code looks fine to me by eye.

    also, so far as I know calling session_start multiple times will generate an E_NOTICE level error but otherwise isn't a problem.

    I would try commenting out files until you find one causing the error to come up, and trace down from there.  I've never seen this error myself, so I'm just trying to help you brainstorm how to locate the particular chunk of code that is causing the runtime to throw that error.

    btw, changing from REQUEST to POST wouldn't have made a difference, as they are both superglobals.  Again, I'm not sure the exact context of the error, but it is possible that an assignment into the $_SESSION variable, or passing $_SESSION[something] into a function that maybe expects a by-reference parameter, could be causing the issue.

    If you can hunt down the code causing the error, I can probably be of more use. ;)

    LVL 5

    Expert Comment

    If the script is working, and you just need to silence the error, I think you can set error reporting levels at runtime using ini_set. PHP help file shows something like this:
    ini_set('error_reporting', E_ERROR);



    This should stop PHP from displaying warnings, but still show actual errors.
    LVL 17

    Expert Comment

    Yeah, I don't advise disabling WARNING level errors -- NOTICE level is a different matter.  And, in this case, a further upgrade or ini change could then completely break the script.

    I'd still try to hunt down the issue.  If commenting out blocks doesn't seem to help, you could try using ini_set to turn off session.bug_compat_42 so that it should flag as an error not a warning (not sure that'll help find the issue or not).

    Everything I'm reading about this bug would seem to indicate that it has to do with assigning a global variable into a session -- I'm not sure whether that means assigning from $_REQUEST/$_POST.  You could TRY moving all handling of the session into functions -- changing the scoping of the code.  

    Again, does any of the code you are including use session functions other than _start?  like session_register?


    Author Comment

    I'm not sure here, but the issue might be with my COPA script which is also calling a session_start(). I'm still playing around with things, but so so far (after starting from scratch) I have not seen the error return.

    I'll keep this question open for a bit until I know for sure.


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Security Threats Are You Missing?

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Introduction HTML checkboxes provide the perfect way for a web developer to receive client input when the client's options might be none, one or many.  But the PHP code for processing the checkboxes can be confusing at first.  What if a checkbox is…
    Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
    The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
    The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now