Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I am setting a session variable in PHP as follows:
$_SESSION['pass'] = $pass;
where $pass is some password, ie. "test4;" The session variable on the left side works fine, but I found to my surpise and concern that $pass on the right side also seems to be a session variable, that is, once set, I can echo $pass from any page and it seems to persist until I destroy the session.
What gives? How can I prevent this?
Thanks!
Register globals is probably on – which is a huge security risk! Check to see if this is the case, and make sure it’s off. Also, it’s a deprecated method.
If register_globals is enabled, you can turn it off either by changing this setting in php.ini OR by placing this in a .htaccess file: