0

I am setting a session variable in PHP as follows:

    $_SESSION['pass'] = $pass;

where $pass is some password, ie. "test4;" The session variable on the left side works fine, but I found to my surpise and concern that $pass on the right side also seems to be a session variable, that is, once set, I can echo $pass from any page and it seems to persist until I destroy the session.

What gives? How can I prevent this?

Thanks!

Improve this question
3
  • 2
    Well, where does $pass come from? Commented Jun 8, 2012 at 13:10
  • 2
    Are you running with register globals enabled? Commented Jun 8, 2012 at 13:11
  • Maybe somewhere you assign session variable to $pass. Commented Jun 8, 2012 at 13:12

2 Answers 2

Reset to default
4

Register globals is probably on - which is a huge security risk! Check to see if this is the case, and make sure it's off. Also, it's a deprecated method.

If register_globals is enabled, you can turn it off either by changing this setting in php.ini OR by placing this in a .htaccess file:

php_flag register_globals off
Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Where would I find this? The site is hosted remotely on a shared server but I have access to some settings.
phpinfo(); - it tells you all you need to know.
yes register globals is on. Do you know how to turn it off, ie in what file?
I am getting an Internal Server Error
Update: adding the above flag to the htaccess file caused php to stop working. However, my host lets you edit the php.ini file in the control panel and there is a setting to turn register_globals from on to off. This did the trick and solved problem. Thanks!
-1

You are assigning the session and the $pass to be equal to each other. Try just using 

if(!isset($_SESSION['pass']))

With whatever information you want to validate

Improve this answer

1 Comment

I really don't get what this has to do with OP's question? He's talking that is $pass (not his $_SESSION['pass']) is available everywhere.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.