diff --git a/libraries/common.lib.php b/libraries/common.lib.php
index d2882873e..c93346376 100644
--- a/libraries/common.lib.php
+++ b/libraries/common.lib.php
@@ -2740,7 +2740,16 @@ if (get_magic_quotes_gpc()) {
 PMA_arrayWalkRecursive($_REQUEST, 'stripslashes', true);
 }
-require_once './libraries/session.inc.php';
+/**
+ * Check for numeric keys
+ * (if register_globals is on, we'll find a numeric key here)
+ */
+
+foreach ($GLOBALS as $key => $dummy) {
+ if (is_numeric($key)) {
+ die('numeric key detected');
+ }
+}
 
 /**
 * include deprecated grab_globals only if required
@@ -2749,6 +2758,11 @@ if (empty($__redirect) && !defined('PMA_NO_VARIABLES_IMPORT')) {
 require './libraries/grab_globals.lib.php';
 }
 
+/**
+ * include session handling after the globals, to avoid overwriting
+ */
+require_once './libraries/session.inc.php';
+
 /**
 * init some variables LABEL_variables_init
 */
@@ -2862,7 +2876,7 @@ if (PMA_checkPageValidity($_REQUEST['back'], $goto_whitelist)) {
 * Check whether user supplied token is valid, if not remove any
 * possibly dangerous stuff from request.
 */
-if (!isset($_REQUEST['token']) || $_SESSION['PMA_token'] != $_REQUEST['token']) {
+if (!isset($_REQUEST['token']) || $_SESSION[' PMA_token '] != $_REQUEST['token']) {
 /* List of parameters which are allowed from unsafe source */
 $allow_list = array(
 'db', 'table', 'lang', 'server', 'convcharset', 'collation_connection', 'target',
diff --git a/libraries/session.inc.php b/libraries/session.inc.php
index fee6c8b1a..a56e5d89a 100644
--- a/libraries/session.inc.php
+++ b/libraries/session.inc.php
@@ -84,9 +84,10 @@ ini_set('session.save_handler', 'files');
 /**
 * Token which is used for authenticating access queries.
+ * (we use "space PMA_token space" to prevent overwriting)
 */
-if (!isset($_SESSION['PMA_token'])) {
- $_SESSION['PMA_token'] = md5(uniqid(rand(), true));
+if (!isset($_SESSION[' PMA_token '])) {
+ $_SESSION[' PMA_token '] = md5(uniqid(rand(), true));
 }
 
 /**
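Review bot: The `foreach ($GLOBALS as $key => $dummy)` / `is_numeric($key)` guard in the first common.lib.php hunk only fires when the current request happens to carry a numeric parameter name, so a register_globals deployment that receives an ordinary request (for instance one trying to set `PMA_token`) passes this check untouched. If the intent is to refuse to run under register_globals, `if (ini_get('register_globals')) { die('register_globals must be off'); }` is the deterministic test; if the loop is meant only as a canary, its comment should say so rather than "we'll find a numeric key here", which reads as a guarantee. `die('numeric key detected')` also answers with a normal 200 status and a bare string; emitting an error status and a one-line explanation would be more useful to operators. I assume the real defence in this commit is the `' PMA_token '` key rename elsewhere, but that is not visible from this hunk.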
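Review bot: The comment above the relocated `require_once './libraries/session.inc.php';` says "to avoid overwriting" without naming what overwrites what, which is exactly the kind of ordering constraint the next maintainer will undo by accident. I'd spell it out, e.g. `// start the session only after grab_globals has imported request variables, so that imported globals cannot end up mirrored into $_SESSION under register_globals` — adjust the wording if the mechanism is different from what I infer. Note that anything in grab_globals.lib.php (now executed before this include) that touches `$_SESSION` would run before the session is started; I can't see that file here to confirm nothing does.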
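Review bot: The token comparison on the changed line still uses loose `!=`, so `$_REQUEST['token']` is compared under PHP's type-juggling rules rather than byte-for-byte: a numeric-looking request value is compared numerically whenever the stored md5 hex string itself looks numeric (the `0e<digits>` shape), and a non-string value is juggled before comparison. I'd make it strict and reject non-string input explicitly: `if (!isset($_REQUEST['token']) || !is_string($_REQUEST['token']) || $_SESSION[' PMA_token '] !== $_REQUEST['token']) {`, or `hash_equals()` on PHP versions that provide it. The body of this `if` continues past the end of the hunk.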
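Review bot: The session token is still generated with `md5(uniqid(rand(), true))` in the session.inc.php hunk; `rand()` and `uniqid()` are not cryptographically secure sources, so the CSRF token's unpredictability rests on the PRNG seed and the clock rather than on a CSPRNG. Where the PHP version provides it, read the bytes from a secure source instead, e.g. `$_SESSION[' PMA_token '] = bin2hex(openssl_random_pseudo_bytes(16));`, with a `/dev/urandom` read as the fallback and `random_bytes()` on versions that have it. The new comment `(we use "space PMA_token space" to prevent overwriting)` would also be clearer if it said why the spaces help, e.g. `(the key contains spaces, which a register_globals-imported variable name cannot, so a request parameter cannot alias it)` — assuming that is indeed the reason for the rename.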
diff --git a/libraries/url_generating.lib.php b/libraries/url_generating.lib.php
index 535b6e5a5..118be3cde 100644
--- a/libraries/url_generating.lib.php
+++ b/libraries/url_generating.lib.php
@@ -64,7 +64,7 @@ function PMA_generate_common_hidden_inputs($db = '', $table = '', $indent = 0, $
 $params['collation_connection'] = $GLOBALS['collation_connection'];
 }
 
- $params['token'] = $_SESSION['PMA_token'];
+ $params['token'] = $_SESSION[' PMA_token '];
 
 if (! is_array($skip)) {
 if (isset($params[$skip])) {
@@ -182,7 +182,7 @@ function PMA_generate_common_url ($db = '', $table = '', $delim = '&')
 $params['collation_connection'] = $GLOBALS['collation_connection'];
 }
 
- $params['token'] = $_SESSION['PMA_token'];
+ $params['token'] = $_SESSION[' PMA_token '];
 
 $param_strings = array();
 foreach ($params as $key => $val) {
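Review bot: The literal `' PMA_token '` is now repeated in `PMA_generate_common_hidden_inputs` and `PMA_generate_common_url` as well as in session.inc.php and common.lib.php, and a dropped or extra space in any one copy would silently make every generated link fail the token check with no error. I'd define the key once where the token is created, e.g. `define('PMA_TOKEN_KEY', ' PMA_token ');`, and write `$params['token'] = $_SESSION[PMA_TOKEN_KEY];` at both sites here. Both enclosing functions start and end outside the hunks.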