I have searched everywhere for this, but I'm really not certain we would all describe the symptoms the same way. It is most bizarre.

I set a random hash string (doesn't mater how - I don't believe - but I will post code below), store it in a hidden form variable AND in my session. Standard security measure to ensure a submit action isn't being hacked.

In some cases the session variable has been reset before I get to process it. This is really weird, so pay attention ! :]

Code to create random string:

$keycode = md5( uniqid( rand(), TRUE ) ) . "_" . gmdate( "H:i:s" );

I added the time stamp during testing.
I store the value of keycode in the form and my session.

POST the form (ie. click a button)

Display both the POSTed value and the session value.
The POSTed hidden value is fine (as you'd expect)
But the session has changed. Just the randomly generated string. All other SESSION values are fine. It has been altered BEFORE I do anything with it. And here's the thing. The time stamp is within microseconds of being correct - but the rest of the string (ie. the 32-byte hash) is completely different. Suggesting that to two random strings were created at about the same time.

What on earth is happening here ??
Do I have two session stacks ? (which would be fine - as long as I could determine which one I'm, using !)

I can get this error on a sub-domain, but not the main domain (using the same scripts).
I can generate it on a client's main domain - with no sub-domain at all.

It's part of my security regime - so I need to get it working again.

Anyone up for the challenge ?

~NZS.