2009-03-29

PHP session bug

After a long time trying to fix a mysterious bug in my CMS engine, I finally found myself trying to avoid another bug, related to my PHP (5.2.5) session. I would like to share my experience here.

What I was trying to do was to check whether a variable in the session was present or not (using the PHP isset() function). The reason I was doing this was that this session variable was used for caching. If it was an empty array, it meant that an empty information unit was cached; on the other hand, a non-present array element should have meant that the information had not yet been cached, and that should have triggered the caching mechanism.

What actually happened was some kind of random bug. Sometimes (randomly), after clearing the session in my Firefox browser (3.0.8) or IE (7), the session still contained its array hierarchy. All array elements were cleared to empty arrays, but remained in memory. From the CMS point of view that meant that caching was already completed and there was no need to run it. And that's where the PHP bug is.

First of all, let's take a look at some other session-related PHP bugs I found on the web that might be interesting to PHP programmers:

The second article describes an unset function bug that looks rather similar to my situation.

At first, it looks like clearing the Firefox session (the session ID, actually) should force PHP to generate a new session for me, but I guess that it tries to optimize something and leaves the hierarchy in memory, while it is quite likely that I will use the same one during the new connection.

What I am afraid of is that there is a small possibility that, when some other user connects to the same system on the Web, a bug such as the one described above might even cause security issues.

Tip: NEVER COUNT ON THE FACT THAT AN ARRAY ELEMENT EXISTS IN THE SESSION!
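One way to apply this tip, as an added example that is not code from the original post: each cached unit is wrapped in an envelope that the reader validates, so a key that is present but emptied counts as a miss, while a deliberately cached empty unit still counts as a hit. The names `cache_put` and `cache_get`, the envelope fields and the 300-second lifetime are assumptions, and the code needs PHP 7.1 or later.

```php
<?php
// Added example with hypothetical names; a plain array stands in for $_SESSION.

const CACHE_VERSION = 1; // bump to invalidate entries written by older code

// Store a unit inside an envelope instead of as a bare array element.
function cache_put(array &$session, string $key, array $value): void
{
    $session['cache'][$key] = [
        'v'      => CACHE_VERSION,
        'stored' => time(),
        'data'   => $value, // may legitimately be an empty array
    ];
}

// Return true and fill $out only when the envelope is well-formed and fresh.
// Key presence alone is never taken as proof that caching has been done.
function cache_get(array $session, string $key, &$out, int $maxAge = 300): bool
{
    $entry = $session['cache'][$key] ?? null;
    if (!is_array($entry)
        || ($entry['v'] ?? null) !== CACHE_VERSION
        || !is_int($entry['stored'] ?? null)
        || time() - $entry['stored'] > $maxAge
        || !is_array($entry['data'] ?? null)) {
        return false; // absent, emptied, stale or malformed: rebuild the cache
    }
    $out = $entry['data'];
    return true;
}

// Constructed demonstration.
$session = [];
$out = null;

// Case 1: an empty information unit cached on purpose.
cache_put($session, 'menu', []);
var_dump(cache_get($session, 'menu', $out));

// Case 2: the leftover described in the post, key still present, content emptied.
$session['cache']['menu'] = [];
var_dump(cache_get($session, 'menu', $out));
```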

To sum up, I can say that I really like the PHP language and I truly hope that PHP6 will not contain these problems in the future.
