I am maintaining a big PHP application.
To fix a bug I removed the deprecated function call session_register() and replaced it with the $_SESSION superglobal, as per advice on php.net (under session_register() manual page).
However I now note that the rest of the code uses $HTTP_SESSION_VARS to access the session vars, not $_SESSION !!
It looks like I made a booboo here, as the session vars I set via $_SESSION will not be in $HTTP_SESSION_VARS automatically (unless I place them there explicitly). Correct ?
I need to know the answer to this, as if the answer is NO, then I don't need to worry about the rest, but if the answer is YES (as I strongly suspect) then what follows becomes important...
If the answer is YES, then considering that there are 200+ accesses of $HTTP_SESSION_VARS in 30+ files, rather than change all them yet, I'm tempted to change the $_SESSION access to $HTTP_SESSION_VARS (only one access as its inside a wrapper function, that gets called multiple times).
This raises a new issue. $HTTP_SESSION_VARS is not a true superglobal, so can it be accessed from inside a function?