I started a session by putting
on a page say:
declare.php
Code: Select all
session_name($_COOKIEї'username'ї);
session_start();
session_register('name');
$_SESSIONї'name'] = 'users_name';Code: Select all
session_name($_COOKIEї'username']);
session_start();
$used_name = $_SESSIONї'name'];
// then do things with $used_nameI create select statement with $used_name
which works properly.
i use MySQL 4.0 btw
then I put a refresh meta tag that refreshes every five minutes
this is the entire meta tag code
Code: Select all
<meta HTTP-EQUIV="Refresh" CONTENT="300">
<meta HTTP-EQUIV="Pragma" CONTENT="no-cache">
<meta HTTP-EQUIV="Cache-Control" content="no-cache">
<meta HTTP-EQUIV="Expires" CONTENT="Thu, 17 Jul 2003 08:56:37 GMT">
<meta HTTP-EQUIV="Generator" CONTENT="MRTG 2.9.17">
<meta HTTP-EQUIV="Date" CONTENT="Thu, 17 Jul 2003 08:56:37 GMT">at a certain time (peak time) i can see around 30 users that are using the system
I track this using a table in the DB
The Problem:
somehow and I have no idea why
the value I initially put in the session variable (in declare.php) changes
even though i dont access in anymore.
sample if used_name = developer
and another user accesses it lets name him used_name = clueless
on some refreshes it does, the value used_name changes into another one currently logged in the system
and this is an access driven system. if that happens clueless user may see sensitive data not meant to be seen.
for now i just created some kind of remedy to the problem comparing the cookie and session
of course the user can always login again but it is necessary for it to refresh (because it is a MRTG) every five minutes.
btw this system uses SSL
I would love to show you where it is located but for now it is firewalled
would anybody have any info on why this happens?
I'm pretty sure its not in the code (though im not concluding that)
but any info is appreciated like any issues on ssl apache php or whatever
thanks in advanced