Hi all:
I have the following in a function to call within forms:
$formid=uniqid(mt_rand(100000000, 1000000000), false);
$token=uniqid(mt_rand(100000000, 1000000000), false);
$_SESSION['token'][$formid] = $token;
$inputs='
<input type="hidden" name="formid" value = "'.$form_id.'" />
<input type="hidden" name="token" value = "'.$_SESSION['token'][$form_id].'" />';
return $inputs;
Line 3 crashes the server: out of memory. I have tried simpler random generators with the same net result. What am I doing wrong? Thank YOU!
Random in Session array Memory Limit Crash
Moderator: General Moderators
Re: Random in Session array Memory Limit Crash
I just tried it and it worked fine.
And I'm on a sh|tty laptop with 256mb memory.
And I'm on a sh|tty laptop with 256mb memory.
Re: Random in Session array Memory Limit Crash
Yeah, I dunno. I ended up switching around the array by swapping the position the random string and the 'formid' and it worked. However, I had this both locally and remote and it did the same thing on both machines. Here's what ended up working:
function form_token_string(){
$formid=(string)uniqid(mt_rand(100000000, 1000000000), false);
$token=(string)uniqid(mt_rand(100000000, 1000000000), false);
$_SESSION[$formid]['token'] = $token;
$inputs='<input type="hidden" name="formid" value = "'.$formid.'" />
<input type="hidden" name="token" value = "'.$_SESSION[$formid]['token'].'" />';
return $inputs;
}
Thanks!
function form_token_string(){
$formid=(string)uniqid(mt_rand(100000000, 1000000000), false);
$token=(string)uniqid(mt_rand(100000000, 1000000000), false);
$_SESSION[$formid]['token'] = $token;
$inputs='<input type="hidden" name="formid" value = "'.$formid.'" />
<input type="hidden" name="token" value = "'.$_SESSION[$formid]['token'].'" />';
return $inputs;
}
Thanks!
Re: Random in Session array Memory Limit Crash
If you're running this on like...every page, then I guess the session could just get so huge, because you're creating a new key for it as well every time.
So instead of overwriting the last one, you're creating a new one. It seems kind of pointless as well tbh...why do you need two random strings?
So instead of overwriting the last one, you're creating a new one. It seems kind of pointless as well tbh...why do you need two random strings?
Re: Random in Session array Memory Limit Crash
Here's my reason:
function require_token(){ // this is called in each form processor
$valid=true;
if(!isset($_REQUEST['formid'])){
$valid=false;
} else {
$id=$_REQUEST['formid'];
if($_REQUEST['token']!=$_SESSION[$id]['token']){
$valid=false;
}
}
if(!$valid) { die('Access denied'); }
}
Since there are multiple forms on many pages, I have to be able to validate security tokens for each one. You are right: session data does get big. I have this site sessions in a db, and there is cleanup. Funny, my cleanup function had an error and after I implemented db sessions, I came back in 4 days and there were thousands of sessions. LOL
function require_token(){ // this is called in each form processor
$valid=true;
if(!isset($_REQUEST['formid'])){
$valid=false;
} else {
$id=$_REQUEST['formid'];
if($_REQUEST['token']!=$_SESSION[$id]['token']){
$valid=false;
}
}
if(!$valid) { die('Access denied'); }
}
Since there are multiple forms on many pages, I have to be able to validate security tokens for each one. You are right: session data does get big. I have this site sessions in a db, and there is cleanup. Funny, my cleanup function had an error and after I implemented db sessions, I came back in 4 days and there were thousands of sessions. LOL
Re: Random in Session array Memory Limit Crash
I just have a hidden input, with a random number, a cookie with the same number, and if they don't match on submit, then display an error.
It works well enough...I still don't see why two random strings are necessary.
It works well enough...I still don't see why two random strings are necessary.