PHP global variables and SESSION vulnerabilities (global and session)

Let's take a look at this simple code.
<? Php
Session_start (); $ _ SESSION ['isadmin'] = 'yes'; $ isadmin = 'no'; echo $ _ SESSION ['isadmin'];?>
When register_globals = Off is configured in php. ini,
No problem,
Output yes,
When register_globals = On is configured in php. ini,
First Run output yes
If you refresh the page, no is displayed. Obviously, this is not normal,
This is a strange problem,
If $ isadmin = 'no'; changes the SESSION,
Why is yes displayed for the first time? All know: When register_globals = On is configured,
Through xxx. php? Id = 123 when accessing, the program automatically creates the variable id
Will automatically created Variables change the SESSION?
Test code
<? Php
// Xxx. php
Session_start ();
Echo $ _ SESSION ['id'];
?>
Through xxx. php? Id = 123 access, no output,
Okay, or you don't know how many
Logon using SESSION
PHP configures register_globals as On.
Will be logged on at will. There are also two common functions: import_request_variables () and extract ()
Import_request_variables -- import GET/POST/Cookie variables to the global scope
Extract -- import the variable from the array to the current symbol table
<? Php
// Xxx. phpimport_request_variables ('G ');
Echo $ id;?>
When using xxx. php? Id = 123,
Even if register_globals is set to Off
It will also output 123 extract ($ _ GET) and import_request_variables ('G') functions are similar. So will the variables created by import_request_variables () and extract () affect the SESSION?
Test code
<? Php
// Xxx. php
Session_start (); import_request_variables ('G'); echo $ _ SESSION ['id'];
?>
Www.2cto.com
When using xxx. php? Id = 123 access program,
No output. Use extract ($ _ GET) instead of import_request_variables ('G') for testing,
Still no output, this is strange, because the test
<? Php
Session_start ();
$ Arr = array ('id' = & gt; 123 );
Extract ($ arr );
Echo $ _ SESSION ['id'];
?>
When register_globals is On
It will output 123 and it looks like an array,
Extract processing $ _ GET and processing the defined array
Different methods are used. Conclusion:
When register_globals is On,
Variables created with import_request_variables ('G') and extract ($ _ GET) do not change the SESSION. Summary: The vulnerability only exists when PHP configures register_globals = On, and the defined Variables change the SESSION with the same name.