PHP session side-effect warning with global variables as a source of data

basically you have a variable with the same name as your session. ex:

$_SESSION['var1'] = null;$var1 = 'something';

which will reproduce this error. you can stop PHP from trying to find existing variables and warning you about them by adding these lines to your script:

ini_set('session.bug_compat_warn', 0);ini_set('session.bug_compat_42', 0);

these values can be set in php.ini or .htaccess as well

There seem to be a few problematic possibilities here:

http://www.spiration.co.uk/post/1231/Your-script-possibly-relies-on-a-session-side-effect

says that cases like this:

$_SESSION['firstname']=$_REQUEST['firstname'];

will trigger the warning.

Additionally, I interpret this php bug content: http://bugs.php.net/bug.php?id=41540 to mean that this error may also occur when you assign a variable to the session superglobal that is not yet initialized, e.g.

//Start of script$_SESSION['bob'] = $bob;

This is good information on finding out what's causing the warning, but I would recommend NOT shutting off the warnings Owen mentions. These runtime functions are removed in PHP 5.4.0 and the developer should get into the practice of avoiding such usage of variables.

To fix this, it may be a pain on the developers end, but if you have

$_SESSION["user"]$user;

rename the session to

$_SESSION["sessuser"];

Or vise-versa just as long as the session name and the variable name are different. Think of it this way: when you upgrade to the latest build, you'll have to debug your code anyhow.