Professional Web Applications Themes

sessions mixing - PHP Development

Hello world, Myself and a few friends have been experiencing the same problem. When using sessions in PHP for ``logins'' we experience the sessions ``mixing.'' To say, one user logs in as ``foo,'' another user logs in as ``bar.'' User ``foo'' refreshes to find himself now logged in as ``bar'' or not logged in at all. This has happened on several different scripts running on several different hosts using several PHP versions (including the latest). I've been able to overcome it once in the past, though I can't remember how and if the same method would have worked I probably ...

  1. #1

    Default sessions mixing

    Hello world,

    Myself and a few friends have been experiencing the same problem. When
    using sessions in PHP for ``logins'' we experience the sessions
    ``mixing.'' To say, one user logs in as ``foo,'' another user logs in as
    ``bar.'' User ``foo'' refreshes to find himself now logged in as
    ``bar'' or not logged in at all. This has happened on several different
    scripts running on several different hosts using several PHP versions
    (including the latest). I've been able to overcome it once in the past,
    though I can't remember how and if the same method would have worked I
    probably would have found it by now.

    Thanks for any help.

    -- E. Will // rakaur malkier
    E. Guest

  2. #2

    Default Re: sessions mixing

    E. Will wrote: 

    Strange behavior indeed! Are you generating your own session ID's? Make
    sure your session ID's are truly unique; that is, you are not generating
    ID's already in use by the system. Are you storing your session ID's in
    a database? If so, check to see that you are retrieving the correct
    session information. Are the two users connecting to the same
    application via the same browser on the same machine? If so, that could
    be the culprit right there.

    --
    Amir Khawaja.

    ----------------------------------
    Rules are written for those who lack the ability to truly reason, But
    for those who can, the rules become nothing more than guidelines, And
    live their lives governed not by rules but by reason.
    - James McGuigan
    Amir Guest

  3. #3

    Default Re: sessions mixing

    Amir Khawaja wrote: 
    >
    >
    > Strange behavior indeed! Are you generating your own session ID's? Make
    > sure your session ID's are truly unique; that is, you are not generating
    > ID's already in use by the system. Are you storing your session ID's in
    > a database? If so, check to see that you are retrieving the correct
    > session information. Are the two users connecting to the same
    > application via the same browser on the same machine? If so, that could
    > be the culprit right there.
    >[/ref]

    I simply use session_start() and the rest is done via $_SESSION (or in
    some cases $HTTP_SESSION_VARS). The session IDs should be generated
    uniquely by PHP. The sessions are being stored in the default directory.
    The two users was just an example. One site actually had about 40
    users from varying geographic locations using varying
    browsers/platforms/etc and they were all swapping sessions.

    - E. Will
    E. Guest

  4. #4

    Default Re: sessions mixing

    "E. Will" <net> wrote in message news:<supernews.com>... 

    It never happened to me, even in 10,000 hits per hour like sites.
    Questions like this should give some idea about INI settings (at least
    for the session )... I guess, the session.entropy_length is shorter
    than the default.

    --
    "I don't believe in the God who doesn't give me food, but shows me
    heaven!" -- Swami Vivekanandha
    Email: rrjanbiah-at-Y!com
    R. Guest

  5. #5

    Default Re: sessions mixing

    R. Rajesh Jeba Anbiah wrote: 
    >
    >
    > It never happened to me, even in 10,000 hits per hour like sites.
    > Questions like this should give some idea about INI settings (at least
    > for the session )... I guess, the session.entropy_length is shorter
    > than the default.
    >[/ref]
    It's all default.
    E. Guest

  6. #6

    Default Re: sessions mixing

    "E. Will" <net> wrote in message news:<supernews.com>... 
    > >
    > >
    > > It never happened to me, even in 10,000 hits per hour like sites.
    > > Questions like this should give some idea about INI settings (at least
    > > for the session )... I guess, the session.entropy_length is shorter
    > > than the default.[/ref][/ref]

    It's all default.

    Then, it sounds like a hoax. You haven't said anything about the
    version of your PHP... You also said, you've faced similar problem
    before(with various versions!!) ?? Yet, I haven't heard such problem.
    Yet, I have faced clustering of session alone, which can be solved
    with custom session handler.

    --
    "I don't believe in the God who doesn't give me food, but shows me
    heaven!" -- Swami Vivekanandha
    Email: rrjanbiah-at-Y!com
    R. Guest

  7. #7

    Default Re: sessions mixing

    R. Rajesh Jeba Anbiah wrote: [/ref]
    >
    >
    > It's all default.
    >
    > Then, it sounds like a hoax. You haven't said anything about the
    > version of your PHP... You also said, you've faced similar problem
    > before(with various versions!!) ?? Yet, I haven't heard such problem.
    > Yet, I have faced clustering of session alone, which can be solved
    > with custom session handler.
    >[/ref]
    Yes that's right, I'm faking it. Good call.

    I mentioned the PHP versions in the first post. It's happened to me and
    to two other friends on varying occasions. Sometimes it happens,
    sometimes it doesn't. It appears to be a flat-out bug to me. There's no
    pattern whatsoever. If the only conclusion you can come to is ``he's
    lying'' then you're probably mentally ill. I have better things to do
    than to sift through seventy messages a day on a news group to see who
    responded to a made-up bug.

    If you need proof I'll put it on a public page. In the mean time, if you
    have nothing to say other than calling me a liar don't bother responding.
    E. Guest

  8. #8

    Default Re: sessions mixing

    "E. Will" <net> wrote in message news:<supernews.com>...
     
    > >
    > > 
    > >
    > > Then, it sounds like a hoax. You haven't said anything about the
    > > version of your PHP... You also said, you've faced similar problem
    > > before(with various versions!!) ?? Yet, I haven't heard such problem.
    > > Yet, I have faced clustering of session alone, which can be solved
    > > with custom session handler.
    > >[/ref][/ref]
     

    Hmmm... I couldn't see. Could you?
     

    Ok.
     

    May be you can. But, you said that you've previously faced similar
    problem and solved it. So, I think, you can better check your previous
    codes to see how you've done. Anyway, you please report the bug (with
    more info like, PHP version, OS, INI settings, etc) to PHP dev team.
     

    Ok.

    --
    "I don't believe in the God who doesn't give me food, but shows me
    heaven!" -- Swami Vivekanandha
    Email: rrjanbiah-at-Y!com
    R. Guest

  9. #9

    Default Re: sessions mixing

    "E. Will" <net> wrote in message news:<supernews.com>...
    <snip>
     

    I'd thought that you'll be providing more info about your code.
    Unfortunately, in this c.l.p, most of the visitors present the vague
    questions but expect the best answer. In your case, you didn't mention
    about your login system, version, etc.

    1. I still believe, there is no bug in PHP session. The problem might
    be in your installation or your settings. Or someone else is hacking
    the system. You should note that, you can pass someone's session_id to
    see other's session variables (security issues). In this case, you
    need to find better/secure login system.

    2. Increase the session.entropy_length to 32. It may _sometimes_ help
    you.

    3. Find a better login system (no idea, how you do!!). The logic is:
    save the session_id of the user in user table while he logins to the
    site. And check the current session_id (of the page) with the one
    present in the DB on "every pages". For more info on this stuff, see
    Martin's login script/tutorial (<http://martin.f2o.org/php/login>)

    HTH.


    --
    "I don't believe in the God who doesn't give me food, but shows me
    heaven!" -- Swami Vivekanandha
    Email: rrjanbiah-at-Y!com
    R. Guest

  10. #10

    Default Re: sessions mixing

    I am not an expert on sessions, but have you tried storing the IP
    address along with each session-id and then checking the IP against
    the session-id. I know that proxy servers, etc can cause this to fail
    because some user's IP address changes during a session, but it may
    illuminate the issue a little more.

    Viking


    On Wed, 28 Jan 2004 17:09:18 -0600, "E. Will" <net>
    wrote:
     

    ˝Viking˝ Guest

Similar Threads

  1. Mixing languages
    By Viking2001 in forum Macromedia Contribute Connection Administrtion
    Replies: 0
    Last Post: June 6th, 07:15 PM
  2. CGI::Sessions : Deleting expired sessions
    By Vito Corleone in forum PERL Modules
    Replies: 1
    Last Post: June 15th, 02:49 PM
  3. Replies: 4
    Last Post: November 22nd, 08:36 PM
  4. mixing two w3d files
    By markus halbritter in forum Macromedia Director 3D
    Replies: 1
    Last Post: September 23rd, 11:48 AM
  5. Database sessions and file sessions
    By Cditty in forum PHP Development
    Replies: 1
    Last Post: September 9th, 01:34 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139