EntropySink
Technical & Scientific => Programming => Topic started by: ober on December 12, 2013, 10:10:15 PM
-
I might lose my mind. I have a CMS app that I wrote and I hold the user id in the session once logged in. Everything seems fine and I move throughout the app and it remains there. HOWEVER, when I navigate to one specific form, the uid session variable gets set to -1. There is only 1 place where that ID is set (initial login) and I logged that method and it doesn't pass through there when this happens.
I had issues with the host earlier today triggering a 403 because of a mod_security rule when submitting that same form because of one of my variable names, but I replaced that variable and it STILL does it.
Anyone have any clue as to what I might be dealing with here?
-
FML... learn something new every day. I was running a query at the top of that page that also had a column 'uid', matching my session variable. APPARENTLY, the fucking extract command will overwrite existing items in the symbol table, INCLUDING session variables.
extract($row, EXTR_SKIP);
The EXTR_SKIP prevents it from overwriting existing variables. Luckily I don't use the user id variable from the table on that page. I could have just selected specific columns out of the table to get around it too but that didn't seem ideal.
-
I did that in Minecraft once.