Random in Session array Memory Limit Crash

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

tonebari
Forum Newbie
Posts: 3
Joined: Wed Jul 22, 2009 10:25 am

Random in Session array Memory Limit Crash

Post by tonebari »

Hi all:
I have the following in a function to call within forms:

$formid = uniqid(mt_rand(100000000, 1000000000), false);
$token  = uniqid(mt_rand(100000000, 1000000000), false);
$_SESSION['token'][$formid] = $token;   // line 3
$inputs = '
<input type="hidden" name="formid" value = "'.$formid.'" />
<input type="hidden" name="token" value = "'.$_SESSION['token'][$formid].'" />';
return $inputs;
Line 3 crashes the server: out of memory. I have tried simpler random generators with the same net result. What am I doing wrong? Thank YOU!
jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: Random in Session array Memory Limit Crash

Post by jackpf »

I just tried it and it worked fine.

And I'm on a sh|tty laptop with 256mb memory.
tonebari
Forum Newbie
Posts: 3
Joined: Wed Jul 22, 2009 10:25 am

Re: Random in Session array Memory Limit Crash

Post by tonebari »

Yeah, I dunno. I ended up switching around the array by swapping the positions of the random string and the 'formid', and it worked. However, I had this both locally and remotely and it did the same thing on both machines. Here's what ended up working:

function form_token_string(){
    $formid = (string)uniqid(mt_rand(100000000, 1000000000), false);
    $token  = (string)uniqid(mt_rand(100000000, 1000000000), false);
    $_SESSION[$formid]['token'] = $token;
    $inputs = '<input type="hidden" name="formid" value = "'.$formid.'" />
<input type="hidden" name="token" value = "'.$_SESSION[$formid]['token'].'" />';
    return $inputs;
}
Thanks!
jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: Random in Session array Memory Limit Crash

Post by jackpf »

If you're running this on like...every page, then I guess the session could just get so huge, because you're creating a new key for it as well every time.

So instead of overwriting the last one, you're creating a new one. It seems kind of pointless as well tbh...why do you need two random strings?
tonebari
Forum Newbie
Posts: 3
Joined: Wed Jul 22, 2009 10:25 am

Re: Random in Session array Memory Limit Crash

Post by tonebari »

Here's my reason:
function require_token(){ // this is called in each form processor
    $valid = true;
    // Both the form id and the token must be present, and the id must refer to
    // a token this session actually issued: with the original loose != check a
    // missing value on either side would compare "equal" and let the request through.
    if (!isset($_REQUEST['formid'], $_REQUEST['token'])
        || !is_string($_REQUEST['formid'])) {
        $valid = false;
    } else {
        $id = $_REQUEST['formid'];
        if (!isset($_SESSION[$id]['token'])
            || $_REQUEST['token'] !== $_SESSION[$id]['token']) {
            $valid = false;
        }
    }
    if (!$valid) { die('Access denied'); }
}
Since there are multiple forms on many pages, I have to be able to validate security tokens for each one. You are right: session data does get big. I have this site's sessions in a db, and there is cleanup. Funny, my cleanup function had an error, and after I implemented db sessions I came back in 4 days and there were thousands of sessions. LOL
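Putting the two functions from this thread together, as an added example that is not tonebari's or jackpf's code: all per-form tokens live in one session bucket with a fixed cap so the session cannot grow without bound, each token is consumed on first use, and the check rejects missing values and compares strictly. It assumes current PHP (random_bytes(), hash_equals()), an already-started session, POST submission, and the assumed name and value FORM_TOKEN_LIMIT = 20.

```php
<?php
// Added example, not code from the thread. Assumes session_start() has
// already run and that the form is submitted by POST.
const FORM_TOKEN_LIMIT = 20; // assumed cap on outstanding form tokens per session

function form_token_string() {
    if (!isset($_SESSION['form_tokens']) || !is_array($_SESSION['form_tokens'])) {
        $_SESSION['form_tokens'] = array();
    }
    // Evict the oldest entries once the cap is hit, so rendering a form on
    // every page cannot grow the session without bound.
    while (count($_SESSION['form_tokens']) >= FORM_TOKEN_LIMIT) {
        array_shift($_SESSION['form_tokens']);
    }
    // A leading letter keeps the key a string, so array_shift() never renumbers
    // it; random_bytes() is a CSPRNG, unlike mt_rand()/uniqid().
    $formid = 'f' . bin2hex(random_bytes(8));
    $token  = bin2hex(random_bytes(16));
    $_SESSION['form_tokens'][$formid] = $token;

    return '<input type="hidden" name="formid" value="' . $formid . '" />'
         . '<input type="hidden" name="token" value="' . $token . '" />';
}

function require_token() { // called at the top of each form processor
    $formid = isset($_POST['formid']) ? $_POST['formid'] : null;
    $token  = isset($_POST['token'])  ? $_POST['token']  : null;
    // Missing or non-scalar values are rejected before they touch the session
    // array; a null on either side must never compare "equal".
    if (!is_string($formid) || !is_string($token)
        || !isset($_SESSION['form_tokens'][$formid])) {
        die('Access denied');
    }
    $expected = $_SESSION['form_tokens'][$formid];
    unset($_SESSION['form_tokens'][$formid]); // one-time use, consumed even on failure
    if (!hash_equals($expected, $token)) {     // strict, constant-time comparison
        die('Access denied');
    }
}
```

Because the bucket is bounded, a user who opens more than FORM_TOKEN_LIMIT forms without submitting loses the oldest tokens, which is the trade-off for keeping session size predictable.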
jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: Random in Session array Memory Limit Crash

Post by jackpf »

I just have a hidden input, with a random number, a cookie with the same number, and if they don't match on submit, then display an error.

It works well enough...I still don't see why two random strings are necessary.