jQuery, PHP, AJAX, "tu" variable beeing posted for no reason, shows in var_dump()

Question

A jQuery AJAX request .post()s data to page.php, which creates $res and var_dump()s it.

$res:

$res = array(); 
foreach ($_REQUEST as $key => $value) {  
    if($key){ 
        $res[$key] = $value; 
    } 
} 

var_dump($res):

array(4) {
["text1"]=>  string(6) "mattis"
["text2"]=>  string(4) "test"
["tu"]=>  string(32) "deb6adbbff4234b5711cc4368c153bc4"
["PHPSESSID"]=> string(32) "cda24363cb9d3226bd37b2577ed0bc0b"
}

My javascript only sends text1 and text2:

$.post("page.php",{
   text1:"mattis",
   text2:"test"
}

What is the "tu" variable beeing sent? Apparantly it's very similar to the session id, but I've never seen it before.

EDIT: It is sent in IE but not in FF.

Answer 1

Since it isn't in the post data and there is no query string, it is probably stored in a cookie.

(Which, being set on a per-browser-instance basis, explains why it only appears in IE)

Answer 2

I would not recommend using $_REQUEST if do not not really need it. In this example, the $_POST-array would be sufficient.

$_REQUEST contains: $_COOKIE, $_GET, and $_POST variables

if you use $_REQUEST you have no guarantee that the data came from the post data, which leads to security holes in your script.