Author Topic: Session ID getting set randomly  (Read 2704 times)

ober

  • Ashton Shagger
  • Ass Wipe
  • Posts: 14305
  • Karma: +73/-790
  • mini-ober is taking over
    • Windy Hill Web Solutions
Session ID getting set randomly
« on: December 12, 2013, 10:10:15 PM »
I might lose my mind.  I have a CMS app that I wrote and I hold the user id in the session once logged in.  Everything seems fine and I move throughout the app and it remains there.  HOWEVER, when I navigate to one specific form, the uid session variable gets set to -1.  There is only 1 place where that ID is set (initial login) and I logged that method and it doesn't pass through there when this happens.

I had issues with the host earlier today triggering a 403 because of a mod_security rule when submitting that same form because of one of my variable names, but I replaced that variable and it STILL does it.

Anyone have any clue as to what I might be dealing with here?

ober

  • Ashton Shagger
  • Ass Wipe
  • Posts: 14305
  • Karma: +73/-790
  • mini-ober is taking over
    • Windy Hill Web Solutions
Re: Session ID getting set randomly
« Reply #1 on: December 12, 2013, 10:29:54 PM »
FML... learn something new every day.  I was running a query at the top of that page that also had a column 'uid', matching my session variable.  APPARENTLY, the fucking extract command will overwrite existing items in the symbol table, INCLUDING session variables.

extract($row, EXTR_SKIP);

The EXTR_SKIP prevents it from overwriting existing variables.  Luckily I don't use the user id variable from the table on that page.  I could have just selected specific columns out of the table to get around it too but that didn't seem ideal.

KnuckleBuckett

  • Jackass In Charge
  • Posts: 8674
  • Karma: +26/-259
  • [url=http://google.com]I search a lot[/url]
Re: Session ID getting set randomly
« Reply #2 on: December 13, 2013, 01:34:05 AM »
I did that in Minecraft once.