In PHP, why are my session variables persisted as references?
<p>Here's the code. It's a simple operation to check that a session ID isn't being spoofed by verifying the IP address:</p>
<pre><code>session_start();

$session_ip_address = $_SERVER['REMOTE_ADDR'];

if((!isset($_SESSION['SESSION_IP_ADDRESS'])) || !$_SESSION['SESSION_IP_ADDRESS']) {
    $_SESSION['SESSION_IP_ADDRESS'] = $session_ip_address;
}

if($_SESSION['SESSION_IP_ADDRESS'] != $_SERVER['REMOTE_ADDR']) {
    session_destroy();
    $_SESSION['security_error'] = true;
}
</code></pre>
<p>If I insert <code>var_dump($_SESSION)</code> right after <code>session_start()</code> and again at the end of the script, then the very first time I run the code (without a session cookie set) I see that at first the array is empty, then it has my IP address assigned to the key 'SESSION_IP_ADDRESS'. So far, so good. But when I run the code again, now it shows that 'SESSION_IP_ADDRESS' is stored as a <em>reference</em> immediately after the session starts (I can tell by the ampersand prepended to the string). When I run it a third time, I see that 'SESSION_IP_ADDRESS' is now a null reference (<code>'SESSION_IP_ADDRESS' =&gt; &amp;null</code>) immediately after the session starts. What is going on?!</p>
<p>To reiterate, this is the output the first time:</p>
<pre><code>array(0) {
}
array(1) {
  ["SESSION_IP_ADDRESS"]=&gt;
  string(11) "xx.xx.xxx.x"
}
</code></pre>
<p>This is the output the second time:</p>
<pre><code>array(1) {
  ["SESSION_IP_ADDRESS"]=&gt;
  &amp;string(11) "xx.xx.xxx.x"
}
array(1) {
  ["SESSION_IP_ADDRESS"]=&gt;
  &amp;string(11) "xx.xx.xxx.x"
}
</code></pre>
<p>And the third time and every time from then on:</p>
<pre><code>array(1) {
  ["SESSION_IP_ADDRESS"]=&gt;
  &amp;NULL
}
array(1) {
  ["SESSION_IP_ADDRESS"]=&gt;
  &amp;string(11) "xx.xx.xxx.x"
}
</code></pre>
 
