
[SOLVED] SESSION Variable Changed For No Reason


GDollar_Post


Hello,

 

So I have a standard login that sets a userid SESSION variable.  I use this to tell if someone is logged in and to do a number of other vanilla things.

 

The problem is $_SESSION['id'] gets magically changed from whatever it was to a new value when I retrieve an id from a URL and set a local variable to that value.  In other words, when I do this...

 


session_start();

...

$x = $_SESSION['id'];
$id = $_GET['id'];
$y = $_SESSION['id'];

if($x != $y){
    echo "Shit Fuck"; 
    exit(1);
}

 

... "Shit Fuck" gets printed and that's no good.

 

I figure it has to do with Apache's settings or something being messed up in the php.ini file, but I don't see any difference between my local settings and my host's settings.

 

Any help would be amazing.

 

peace.

 

Make sure you don't have register_globals turned on. Register_globals allows you to use $id as well as $_SESSION['id'] for accessing the session variable, or any other server set variables with an 'id' key.

 

To turn register_globals off it is best to add the following at the top of your scripts:

ini_set('register_globals', 'Off');

 

Or if your host allows you to change PHP settings within an .htaccess file, you can add the following to an .htaccess file:

php_flag register_globals Off

Note: It is best to place an .htaccess file in your site's root folder, that way register_globals will be off through your entire website.

 

Note: Register_globals can cause exploits within your code, as you have just discovered. This is the reason why PHP now has register_globals disabled by default and is being phased out.
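
An added example, not code from either poster: a page bootstrap that checks the effective register_globals value and fails closed, then reads the session id and the URL id under distinct names. The function name register_globals_enabled() and the variables $sessionUserId and $requestedId are illustrative assumptions; the syntax is kept compatible with older PHP versions where the directive still exists.

```php
<?php
// Added example; function and variable names here are illustrative.

// True when register_globals is effectively on for this request.
// ini_get() returns false on PHP >= 5.4, where the directive was removed.
function register_globals_enabled()
{
    $value = ini_get('register_globals');
    if ($value === false) {
        return false;
    }
    return in_array(strtolower(trim($value)), array('1', 'on', 'yes', 'true'), true);
}

// Request variables are imported into the global scope before the script's
// first line runs, so check the effective setting and fail closed.
if (register_globals_enabled()) {
    error_log('register_globals is on; refusing to handle the request');
    header('HTTP/1.1 500 Internal Server Error');
    exit(1);
}

session_start();

// Distinct names: the session value and the URL value never share "$id".
$sessionUserId = isset($_SESSION['id']) ? (int) $_SESSION['id'] : null;

// FILTER_VALIDATE_INT gives null when ?id= is absent and false when it is
// not an integer, so both cases are rejected before the value is used.
$requestedId = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if ($requestedId === null || $requestedId === false) {
    header('HTTP/1.1 400 Bad Request');
    exit(1);
}

// Same before/after comparison as in the question, kept as a tripwire.
$after = isset($_SESSION['id']) ? (int) $_SESSION['id'] : null;
if ($sessionUserId !== $after) {
    error_log('session id changed while reading the request');
    exit(1);
}

echo 'session user: ' . var_export($sessionUserId, true)
    . ', requested id: ' . $requestedId;
```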
