I'm able to to recreate this behavior using PHP v5.2.10 with register_globals
and after multiple visits to the page:
test.php:
<?php
session_start();
$_SESSION['me'] = 654;
$me = $_GET['me'];
echo $_SESSION['me'];
http://localhost/test.php?me=321
The first time the page is loaded the output is 654
. The second time the page is run the output becomes 321
. Why does this happen?
First Time:
- When first called the
$_SESSION['me']
variable doesn't exist, so it is NOT initialized as a global.
$_GET['me']
does exist and is initialized as global variable $me
Second Time:
- On page refresh the
$_SESSION['me']
variable now exists and is initialized as the global var $me
$me
now refers to $_SESSION['me']
- Any assignment to
$me
will overwrite the session variable, so the SESSION variable becomes 321
and the output becomes 321
However, the OP states in a comment that he has register_globals turned off ... in that case I'm not sure what to make of it!