5

I have a session variable that I set like this:

<?php
$token = md5(uniqid(rand(), true));
session_start();
$_SESSION['token'] = $token;
print $_SESSION['token'];
?>

Then on another page I have this:

<?php
session_start();
print $_SESSION['token'];
?>

The problem is that they don't match. I get two completely different strings. register_globals is off. I did notice that when I set md5(....) to a constant string eg: md5('example') that it works as expected and the two strings match. But that shouldn't matter. Any ideas on what's going on here?

EDIT: Apache Acces Log:

127.0.0.1 - - [18/Sep/2010:17:46:09 -0500] "GET /index.php HTTP/1.1" 200 3182 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.59 Safari/534.3"
127.0.0.1 - - [18/Sep/2010:17:46:09 -0500] "GET /style/style.css HTTP/1.1" 304 - "http://cmb.local:8888/index.php" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.59 Safari/534.3"
127.0.0.1 - - [18/Sep/2010:17:46:09 -0500] "GET /js/signup.js HTTP/1.1" 304 - "http://cmb.local:8888/index.php" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.59 Safari/534.3"
127.0.0.1 - - [18/Sep/2010:17:46:09 -0500] "GET /index.php HTTP/1.1" 200 3182 "http://cmb.local:8888/index.php" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.59 Safari/534.3"
127.0.0.1 - - [18/Sep/2010:17:46:10 -0500] "GET /index.php HTTP/1.1" 200 3182 "http://cmb.local:8888/index.php" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.59 Safari/534.3"

I'm not quite sure how to read that but it looks to me that my file (index.php which I assume is the '/') is being called three times. Am I reading that right? What's going on there?

Improve this question
4
  • I can't reproduce this behaviour. Check your access logs, and give some more details about the environment you are using. It's obvious that the code provided isn't the entire system, you are probably resetting that token in another place. Commented Sep 18, 2010 at 21:59
  • Some browser plugins are known to cause the behaviour that several requests are sent instead of one. Commented Sep 18, 2010 at 22:28
  • @Josh K I'm not...both pages are static for now. The only thing that gets set or changes is the token and that only happens in one place as shown above. Commented Sep 18, 2010 at 22:31
  • @James And no browser plugins, also all other pages on my site receive only one request. Commented Sep 18, 2010 at 22:32

4 Answers 4

Reset to default
3

Completely stupid mistake on my part. I had some empty <img> tags in there that were causing the extra requests. facepalm Sorry everyone, problem solved. Thanks for your help!!

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

2

The only solution I can think of is that you are making a second request to the first page without knowing it. You should probably check your apache access log for this second access...

Making a simple request counter would be another solution to check this:

$_SESSION['counter'] = isset($_SESSION['counter'])? $_SESSION['counter'] +1 : 0;
Improve this answer

8 Comments

Yep...that's the problem. When I put this code in there I get 2. I can't figure out why though... It's a static page except for the token part. No looping, updating content, etc...
I posted my Apache Access log above.
you mean each time you refresh the page, 2 is added instead of one? You see 2, 4, 6, etc ? Do you have any special extension in your browser? Like HTML validator for firefox?
Actually it goes up by 3 (3, 6, 9...) No extensions that I know of...plain old Chrome.
See here how to add the referer and User-agent to your access log : httpd.apache.org/docs/2.0/logs.html#page-header (might be useful)
|
2

You will notice that every time you revisit the first page, your session variable will change. Since it works for a constant string, 'example', I will assume that you revisit page 1 to view what is stored there.

A fix could be checking to ensure that that session variable is not set before you set it again. i.e.

<?php
session_start();
if(!empty($_SESSION['token'])){
    $token = md5(uniqid(rand(), true));
    $_SESSION['token'] = $token;
}
print $_SESSION['token'];
?>

This chunk of code should work as expected.

Improve this answer

1 Comment

Very useful answer. Two thumbs up bro!
1

Looks weird. That first chunk of code that resets the token must have been run again somehow.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.