Leaky PHP Session Variables

If you create a session variable, e.g. $_SESSION["username"], it will conflict with a local variable named $username.

Therefore, the best practice would be to prefix all session variables with a leading underscore, e.g. $_SESSION["_username"], so that they do not conflict with local variables.

Reference:

http://www.php.net/manual/en/ref.session.php#45534

19 October 2006 | Software engineering, PHP | Comments

One Response to “Leaky PHP Session Variables”

  1. 1 Ady 6 August 2007 @ 1:46 pm

    This basically will only happen if you have register_globals turned on. By default, and by best practice register_globals should always be turned off.

Comments:

  1.  
  2.  
  3.