I'm working on a registration system in PHP and am running into an issue. The users are inserted into the database as intended. Next, a token (just a hash of a random value) is attached to a URL along with the user id, and this URL is emailed to the user's email so they can verify it.
For example user 128 has this verification URL: localhost/fPASS/?page=verify_email&id=128&token=4a629a13871cf6d354984abdfd990783
Note the user id in the URL is correctly noted as 128. If I visit the link, the script correctly compares the id and token with the database and changes email_verified to 1.
The problem is that if I try to register another user, the URL is regenerated with the id and token for user 128 instead of 129... unless I clear my cookies. Now the URL uses session variables to determine the id and token, so it seems they aren't updating properly. The registration function, however, always reassigns the variables if there are no errors (which there aren't):

    // if there are no errors, redirect to success page
    if (!isset($errors))
    {
        // send the email address on to the next page in case the verification email needs to be re-sent
        $_SESSION['email'] = $safe['email'];
        $_SESSION['account_id'] = $account_id;
        $_SESSION['token'] = $token;
        header('Location: http://localhost/fPASS/?page=reg_success');
    }

The reassignments don't seem to be taking effect though. What could cause the original assignments to get "stuck" in the session variables?