Session value gets deleted if an equally named variable gets nulled

Question

I've got the following script called index.php:

<?php
session_start();
print_r($_SESSION);
$lang = "";
print_r($_SESSION);

//some other stuff

$lang = "abc";
$_SESSION['lang'] = $lang;
?>

On the first call, it returns as expected

Array () Array ()

On the second call (if I press F5), and this is stunning imho, this output appears:

Array ( [lang] => abc ) Array ()

The Session value with key "lang" gets emptied if I just set the variable $lang to "". Why does this happen?

EDIT: I am running PHP 5.2.17.

Answer 1

check this http://php.net/manual/en/security.globals.php and also What are register_globals in PHP?

but if I want to say it simply : if register_globals be ON all $_POST and $_GET and $_SESSION variables will automatically copied to the variables with a same name of their index.So for example when you have a $foo you can't understand where it comes from ($_GET['foo'], $_SESSION['foo'], etc).

AND as @EricCitaire mentioned "Just disable it, its default value is false since PHP 4.2, deprecated in 5.3 and simply removed in 5.4 because of serious security concerns."

you can set it off using php.ini, .htaccess and also using ini_set()

ini_set('register_globals', 'Off')

other links:

Dealing with register_globals

http://php.net/manual/en/function.ini-set.php

register globals php