Page 1 of 1

Session Values Suddenly Change

Posted: Mon Mar 22, 2010 12:12 pm
by Ruski
Dear Friends,

I have a very serious problem on my hands. I have a certain user in my organization which is logging in as themselves on our website (controlled by php sessions) and on very rare occasions their session variable called "id_user" is switched to another user's ID (ID 6 to ID 120). This has happened 3 times now and each time it was the same users. I can guarantee that the user ID 120 did not login on the user ID 6 computer, this is a fact.

Let me give you a brief explanation of how our office and organization runs just to give you some insight and see if it can help solve the problem.

We operate in an office of 30 people, this is controlled by each user having a login to our internal SBS. Additionally we use an online website which is hosted on our third party VDS.
The website itself is just a front end application with a backend database.

Any advice would be great!

Thank you so much for reading,
Alex

Re: Session Values Suddenly Change

Posted: Mon Mar 22, 2010 12:36 pm
by manohoo
How is the user validation performed? Since we don't have a crystal ball, please show the authorization/validation code so that we can take a look.