Cannot set session variables in a page that is handling session.upload_progress.name

Question

This has been another one of those hair pulling moments, and I was wondering if anyone could shed some light on this issue I'm having.

I've managed to replicate the issue with 2 simple php pages.

Page1 (test.php)

This is just a simple file upload form that also uses the session.upload_progress.name hidden field. It then outputs the $_SESSION array:

<form name="fileupload" action="test2.php" method="POST" enctype="multipart/form-data">
    <input type="hidden" name="<?php echo ini_get("session.upload_progress.name"); ?>" value="123">
    <input type="file" name="newfile">
    <input type="submit" name="submit" value="Submit">
</form>
<?php
    if(!isset($_SESSION)) {
        session_start();
    }
    print_r($_SESSION);
?>

Page 2 (test2.php) This page simply adds a session variable, and outputs the $_SESSION array. It also includes a link to go back to test.php:

<?php
    if(!isset($_SESSION)) {
        session_start();
    }
    $_SESSION['new']='Im a new value that will disappear';
    print_r($_SESSION);
?>
<a href="test.php">Go back</a>

Now, if you load test1.php, it will output:

{ The form }
Array()

Click submit, and it will take you to test2.php and output:

Array
(
    [upload_progress_123] => Array
        (
            [start_time] => 1419385365
             etc etc ...
        )

    )

    [new] => Im a new value that will disappear
)

Now click 'Go back' and it will only output:

{ the form }
Array
(
    [upload_progress_123] => Array
        (
            [start_time] => 1419385365
             etc etc ...
        )

    )
)

(Notice how [new] is not there)

Is there any solid reason as to why this is happening?

In this example, I have session.upload_progress.cleanup set to off, for debugging. But the behaviour of the new session is the same when it is set to on.

Looks like I'm gunna have to stick a bounty on it ... Just out of curiousity, has anyone copied my code and had the same output? — Just Lucky Really, Dec 24 '14 at 12:14

score 2 · Accepted Answer · edited May 23 '17 at 10:26

2

The problem is in the way you're checking for an active session before starting one. session_start() should be called on every page so you don't really need those if(!isset($_SESSION)), if you remove them the page should work correctly.

But if for some reason you must check if the session has been started, the correct way to do so according to this answer would be:

if (session_status() == PHP_SESSION_NONE) {
    session_start();
}

edited May 23 '17 at 10:26

Community

1
1

answered Dec 26 '14 at 06:12

omma2289

54,161
8
64
68

This doesn't explain why the new session dissappears. If I implement your changes into the code, the same results are achieved. – Just Lucky Really Dec 26 '14 at 06:16
Strange, I copied your code and replicated the issue. Modified it and it worked correctly. What PHP version are you running? – omma2289 Dec 26 '14 at 06:20
v5.5 on Ubuntu Trusty ... When you copied my code, did you manage to replicate the problem? – Just Lucky Really Dec 26 '14 at 06:21
Well not completely, the upload progress feature doesn't work on my local server but I did notice the session value set in `test2.php` was not being kept when clicking on the "Go back" link – omma2289 Dec 26 '14 at 06:29
Ah yeah you were right, I was implementing your solution wrong ... But, can you explain why this only happens when using the `session.upload_progress.name` as a hidden field? If you remove it from the form, it allows you to add to the current session, using my code. – Just Lucky Really Dec 26 '14 at 06:47
Also, thanks Lol ... I can stop pulling my hair out Lol – Just Lucky Really Dec 26 '14 at 06:48

Cannot set session variables in a page that is handling session.upload_progress.name

1 Answers1