I am trying to track down the source of a very serious bug in my application. I use a session variable to track the current logged in user which is derived from a database call (via PEAR, configured to return an associative array).
The variable is set up like this:
$_SESSION['u'] =& $db->getRow("SELECT * FROM user WHERE blah");
$u =& $_SESSION['u'];
global $u;
I then use $u in my code throughout to access this data as a shortcut.
This code has been running for years without issue but it seems recently that there have been occasions where users have found themselves logged in as other people. This seems to happen some time after they log in, and they migrate to become someone else. Clearly this is awful.
I was trying to debug but without a repeatable sequence of events this is pretty difficult.
My question is, do you think the setting of the session variable by reference to the database-derived array could be causing it? Could on a further page load, the memory location to which the session variable points be replaced with another user's data from a different session? Or could it be replaced with data from another database call that I am running in this user's session? I understand from reading up subsequently that this code should not be operated like this and have since removed the first & but I would like to have some idea if this could have actually been the problem. I've read that the memory location could get GC'd and turned to nothing, but this doesn't seem to have happened, it only seems to have been corrupted credibly with another user's details.
All help welcome.