so I have a "magic bug" in my home-rolled session class for pff. Everything works great until I turn on the security hashing - which is supposed to hash the session id, session name, and the current hash phrase together, store it in a session, and compare it each time
only problem is somewhere along the line it's breaking and a new session gets generated with every request. Well, it's driving me crazy, especially since the ip security check, browser hash security check, and referrer checking are working absolutely fine.
I feel like I'm losing my mind. Sessions are also notoriously hard to debug anyway, you only see your actions on the next page request.
Bah, I may have to give up and fire up a debugger to see where things are going wrong. I hate magic bugs.