Sessions Buggy Help

Posted: Tue Aug 12, 2003 8:35 pm
by mitchikoy
Using Linux 7.3, Apache 2.0, PHP 4.3.2.
I started a session by putting this on a page, say declare.php:

Code:

session_name($_COOKIE['username']);
session_start();
session_register('name');
$_SESSION['name'] = 'users_name';

Then on another page, let's call it show.php:

Code:

session_name($_COOKIE['username']);
session_start();
$used_name = $_SESSION['name'];
// then do things with $used_name

Then the usual HTML code applies.
I create a select statement with $used_name, which works properly.
I use MySQL 4.0, btw.

Then I put in a refresh meta tag that refreshes every five minutes.
This is the entire meta tag code:

Code:

<meta HTTP-EQUIV="Refresh" CONTENT="300">
<meta HTTP-EQUIV="Pragma" CONTENT="no-cache">
<meta HTTP-EQUIV="Cache-Control" content="no-cache">
<meta HTTP-EQUIV="Expires" CONTENT="Thu, 17 Jul 2003 08:56:37 GMT">
<meta HTTP-EQUIV="Generator" CONTENT="MRTG 2.9.17">
<meta HTTP-EQUIV="Date" CONTENT="Thu, 17 Jul 2003 08:56:37 GMT">

This system I created is a DB-driven MRTG front end.
At a certain time (peak time) I can see around 30 users that are using the system.
I track this using a table in the DB.

The Problem:
Somehow, and I have no idea why, the value I initially put in the session variable (in declare.php) changes, even though I don't access it anymore.

Sample: if used_name = developer
and another user accesses it, let's name him used_name = clueless

On some of the refreshes it does, the value of used_name changes into another one currently logged in to the system.
And this is an access-driven system; if that happens, the clueless user may see sensitive data not meant to be seen.
For now I just created some kind of remedy to the problem, comparing the cookie and session.

Of course the user can always log in again, but it is necessary for it to refresh (because it is an MRTG) every five minutes.
Btw, this system uses SSL.

I would love to show you where it is located, but for now it is firewalled.

Would anybody have any info on why this happens?
I'm pretty sure it's not in the code (though I'm not concluding that),
but any info is appreciated, like any issues on SSL, Apache, PHP or whatever.

Thanks in advance
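
The cookie-versus-session comparison the post mentions could look like the following at the top of show.php. This is an added example, not the poster's code: the fixed session name, `login.php` and the two helper functions are assumptions.

```php
<?php
// Added example, not the poster's code. APP_SESSION_NAME, login.php and the
// two helper functions are hypothetical names chosen for this example.
define('APP_SESSION_NAME', 'MRTGFRONT'); // assumption: fixed name, not read from a cookie

// True only when the session holds a name and the cookie claims the same one.
function session_matches_cookie($session, $cookie)
{
    if (!isset($session['name']) || !is_string($session['name']) || $session['name'] === '') {
        return false; // nothing was bound to this session at login
    }
    if (!isset($cookie['username']) || !is_string($cookie['username'])) {
        return false; // cookie missing or sent as an array
    }
    return $session['name'] === $cookie['username'];
}

// Record the mismatch, drop the session, and send the browser to the login page.
function reject_session($session, $cookie)
{
    $have  = isset($session['name']) && is_string($session['name']) ? $session['name'] : '';
    $claim = isset($cookie['username']) && is_string($cookie['username']) ? $cookie['username'] : '';
    // rawurlencode() keeps CR/LF in the client-supplied cookie out of the log line;
    // only a short hash of the session id is logged, never the id itself.
    error_log(sprintf('session mismatch sid=%s session_user=%s cookie_user=%s',
        substr(md5(session_id()), 0, 8), rawurlencode($have), rawurlencode($claim)));
    $_SESSION = array();
    session_destroy();
    header('Location: login.php');
    exit;
}

session_name(APP_SESSION_NAME);
session_start();

if (!session_matches_cookie($_SESSION, $_COOKIE)) {
    reject_session($_SESSION, $_COOKIE);
}

// Use the server-side value for queries; the cookie is only a cross-check.
$used_name = $_SESSION['name'];
```

The logged mismatches can be lined up against the five-minute refresh times and the user-tracking table to see which sessions are affected.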