How does register_globals OFF affect registration of Session variables?

MarkB423

Something has been bugging me about compatibility with my code and when register_globals is OFF in php.ini:

Are Session variables still automatically registered when session_start() is called and register_globals is set to OFF?

I would assume the answer is yes, but my system does not have register_globals set to off, so I cannot experiment.

Chimera

Session variables are not registered as globals when register globals is off. You have to use the superglobal $SESSION, just as you do with $COOKIE, $POST and $GET when register globals is off.

MarkB423

1.) So what is the best way to "register" session variables, then? Just assign values to the $_SESSION array?

2.) Also, is the $HTTP_SESSION_VARS array as secure as the $_SESSION array or having the variables automatically registered when session_start() is called (and thus overwriting any other value that the session might have had)?

3.) Lastly, do I have to call session_start before the $_SESSION or $HTTP_SESSION_VARS array will be available?