I created the script. Source –
Controller –
public function action_index() {
    session_start();
    $_SESSION['token'] = rand();
    if (isset($_GET['do']) and $_GET['do'] == 'comment') { // If everything is OK, continue
        var_dump($_POST['token']);
        var_dump($_SESSION['token']);
        if ($_SESSION['token'] == $_POST['token']) {
            echo 'ok';
        } else {
            echo 'error';
        }
    }
}
View –
<form action="?do=comment" class="form-komentaram" method="post" style="margin: 7.5px;">
<input type="text" name="name" required="required" placeholder="Tavs vārds..." /><br />
<input type="text" name="homepage" placeholder="Tava mājaslapa..." /><br />
<input type="hidden" name="artcl_id" value="<?php echo $article['id']; ?>" />
<input type="hidden" name="token" value="<?php echo $_SESSION['token']; ?>" />
<textarea name="text" required="required"></textarea><br />
<input type="submit" value="OK!" required="required" />
</form>
With var_dump I see that $_SESSION['token'] changes on page load.
For example, I submit the token in the input field and reload the page to check the tokens, but $_SESSION['token'] before the page reload was 23456, and $_POST['token'] is 23456, but after the page reload $_SESSION['token'] is 12345. Why?
According to the code you posted, $_SESSION['token'] would be replaced with a new value every time action_index() is called. Should do something like:
Then any subsequent calls to action_index() won’t keep overriding your session token value.
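One way to implement the fix the answer describes, as an added example that is not part of the original thread: the token is created only when the session has none, and the POST is checked against that stored value. The helper names csrf_token() and csrf_check(), the array-parameter form of action_index(), and the use of random_bytes() and hash_equals() in place of rand() and == are assumptions of this example.

```php
<?php
// Added example (PHP 7+). csrf_token() and csrf_check() are hypothetical names,
// and the arrays stand in for $_SESSION, $_GET and $_POST.

// Create the token once per session; later calls return the stored value.
function csrf_token(array &$session): string
{
    if (empty($session['token'])) {
        // Hardening beyond the answer: random_bytes() is a CSPRNG, rand() is not.
        $session['token'] = bin2hex(random_bytes(32));
    }
    return $session['token'];
}

// Hardening beyond the answer: strict, constant-time comparison instead of ==.
function csrf_check(array $session, array $post): bool
{
    return isset($session['token'], $post['token'])
        && is_string($post['token'])
        && hash_equals($session['token'], $post['token']);
}

// Validate against the token issued with the form; never regenerate it first.
function action_index(array &$session, array $get, array $post): string
{
    if (isset($get['do']) && $get['do'] === 'comment') {
        return csrf_check($session, $post) ? 'ok' : 'error';
    }
    csrf_token($session); // the view echoes $session['token'] into the hidden field
    return 'form';
}

// Constructed requests: two page loads, then a valid, a forged and an empty POST.
$session = [];
action_index($session, [], []);
$issued = $session['token'];
action_index($session, [], []);
var_dump($issued === $session['token']); // reload keeps the same token
$do = ['do' => 'comment'];
var_dump(action_index($session, $do, ['token' => $issued]));
var_dump(action_index($session, $do, ['token' => 'forged']));
var_dump(action_index($session, $do, []));
```

In a real controller, call session_start() first and pass $_SESSION, $_GET and $_POST in place of the constructed arrays.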