lime icon

Phosphorus and Lime

A Developer's Broadsheet

This blog has been deprecated. Please visit my new blog at
PHP: SESSION array bug clarified
First posted on this here. I hastily posted some code there that summarizes the problem but doesn't actually reproduce it. The following code in fact reproduces it:



if ( empty($_SESSION['is_reloaded']) )
$_SESSION['is_reloaded'] = 1;
$_SESSION['ARRAY'] = array( 1, 2, 3, 4);
header("Location: {$_SERVER['PHP_SELF']}");

$ARRAY = array( 'new', 'values' );

if ( $_SESSION['ARRAY'][0] != 1 ) echo "you've been victimized by the PHP4 array namespace bug";
else { echo "bug not detected"; }


An online demo can be seen here:

This is a really critical issue for me in choosing a host for some of my projects.

NOTE: just found this on the PHP bug site:

The developer's response:

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at and the instructions on how to report
a bug at

Turn off register_globals if you don't want this behaviour.

I have followed the instructions on and turned off register globals using an .htaccess file (the site notes that you can't use ini_set to turn off in runtime). I also tried this method. Nevertheless, I am still getting the error.

Correction: the .htaccess file appears to have fixed the problem. I had to restart my browser, however, before I could detect the change.

This site was quite helpful for me in solving this problem:

I'd also like to thank Jeff Petersen at Myriad Network for his assistance in sorting this out.
for what it's worth, I posted a comment on page on sessions: