weird session problem

Forum Moderators: coopster

Message Too Old, No Replies

weird session problem

dealing with forms

bobnew32

8:11 pm on Dec 6, 2003 (gmt 0)

Heres the deal, I have a form setup as to where I can promote moderators by putting their username into an input field and press submit

From there, the username is queried against a users table to find the user_id and if it exists. If it doesnt, it shows the form again with an error, if it does..

then it inserts the moderator row fine and dandy. But my problem is, when I hit the back button to go to previous pages after the form is submit, my $_SESSION['user_id'] reverts to the user_id of the member being promoted to moderator.

Why the heck would this ever occur?

Its a security risk if an admin was promoted to a moderator, because that person could steal the admins identity.

bobnew32

10:15 pm on Dec 6, 2003 (gmt 0)

I found out why, sorta. I had a variable called $user_id, and once I did the form it changed my $_SESSION['user_id'] into $user_id. Why did this happen? Weird, and believe me I checked my code many times and I never had $_SESSION[user_id= $user_id

jatar_k

6:59 am on Dec 7, 2003 (gmt 0)

sounds like a combination of variable(session) corruption derived from register_globals being on and using same var names but I am not sure.

bobnew32

4:29 am on Dec 8, 2003 (gmt 0)

I can definitely say now that everytime I use a form with the user_id variable in it, it definitely changes my session[user_id] to that user_id in the form. At least I know now, I just wish this wouldn't happen. I won't sweat it though, I only have one session variable being used; the user_id one. :)