
I have searched everywhere for this, but I'm really not certain we would all describe the symptoms the same way. It is most bizarre.

I set a random hash string (doesn't matter how - I don't believe - but I will post code below), store it in a hidden form variable AND in my session. Standard security measure to ensure a submit action isn't being hacked.

In some cases the session variable has been reset before I get to process it. This is really weird, so pay attention ! :]

Code to create random string:

$keycode = md5( uniqid( rand(), TRUE ) ) . "_" . gmdate( "H:i:s" );

I added the time stamp during testing.
I store the value of keycode in the form and my session.

POST the form (i.e. click a button)

Display both the POSTed value and the session value.
The POSTed hidden value is fine (as you'd expect)
But the session has changed. Just the randomly generated string. All other SESSION values are fine. It has been altered BEFORE I do anything with it. And here's the thing. The time stamp is within microseconds of being correct - but the rest of the string (i.e. the 32-byte hash) is completely different. Suggesting that two random strings were created at about the same time.

What on earth is happening here ??
Do I have two session stacks ? (which would be fine - as long as I could determine which one I'm using !)

I can get this error on a sub-domain, but not the main domain (using the same scripts).
I can generate it on a client's main domain - with no sub-domain at all.

It's part of my security regime - so I need to get it working again.

Anyone up for the challenge ?

~NZS.


If the other session data is correct, then the key must be getting regenerated on every page request. Without actual code to review, it's impossible to help any further.
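
The failure mode named in the reply above, a key that is regenerated on every page request, is avoided by creating the token only when the session has none and rotating it only after a successful check. A sketch of that pattern as an added example (not code from the thread; the `csrf_key` name and the function names are assumptions, and it needs PHP 7 or later for `random_bytes`):

```php
<?php
// Added example, not code from the thread. The function names and the
// 'csrf_key' field/session key are hypothetical. Requires PHP 7+.
session_start();

// Return the session's token, creating it only when none exists yet.
// A second request that runs this script then reuses the stored value
// instead of overwriting the one already embedded in the rendered form.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_key'])) {
        $_SESSION['csrf_key'] = bin2hex(random_bytes(32)); // CSPRNG instead of md5(uniqid(rand()))
    }
    return $_SESSION['csrf_key'];
}

// Constant-time comparison of the POSTed value against the session value.
function csrf_check(array $post): bool
{
    $sent   = isset($post['csrf_key']) && is_string($post['csrf_key']) ? $post['csrf_key'] : '';
    $stored = isset($_SESSION['csrf_key']) ? $_SESSION['csrf_key'] : '';
    return $stored !== '' && hash_equals($stored, $sent);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_check($_POST)) {
        // Log enough to tell "token overwritten" apart from "different session".
        error_log(sprintf('csrf mismatch sid=%s host=%s uri=%s cookie_domain=%s',
            substr(hash('sha256', session_id()), 0, 12), // hashed, never the raw session id
            $_SERVER['HTTP_HOST'], $_SERVER['REQUEST_URI'],
            session_get_cookie_params()['domain']));
        http_response_code(403);
        exit('Invalid form token');
    }
    unset($_SESSION['csrf_key']); // single use: rotate only after a successful check
    echo 'Form accepted';
    exit;
}
?>
<form method="post">
  <input type="hidden" name="csrf_key" value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>">
  <button type="submit">Submit</button>
</form>
```

If the logged session hash is the same on the page load and on the failed POST, the stored value was overwritten by another request in the same session; if it differs, the two requests were not sharing one session.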


I have this exact same problem as NZSnowMan. Anyone have any ideas of why a subdomain would do this? I am using php 5.2+ @ inmotionhosting.com.

Edited by Melarlo: needed to include more info
