Page 1 of 1

sessions - losing varables under the same IP

Posted: Sat May 05, 2012 10:17 am
by soonic
Hi

A quick explanation:
4 PHP files (Form, Create, Delete, Get). In the file Form.php I set same variables, then I click a button and it calls Create.php which creates a picture on a disk and after shows up.

Create.php

Code: Select all

session_start();
$Fname = str_replace('.','',microtime(true));
$_SESSION['sesFname'] = $Fname;
When the picture is shown I can download (Get.php) or close and delete it (Delete.php). I pass the file name between those php files with $_SESSION['sesFname']. Everything is fine when people call the script under different IPs, but when I create two pictures on the same computer (IP) at the same time, then I get always the latest session for example: I create PIC 1 and then I create a PIC 2 (in a different tab). I want to now close or download PIC 1, my session is overwritten with PIC 2 and even I click PIC 1 I download PIC2 file. The same thing happens when users are under proxy and run my website at the same time.

What is the best way to solve this problem, and how?

Re: sessions - losing varables under the same IP

Posted: Sat May 05, 2012 4:36 pm
by requinix
Don't store the information in the session. Pass it in GET or POST, then validate it on the receiving pages.

Re: sessions - losing varables under the same IP

Posted: Mon May 07, 2012 3:45 pm
by soonic
requinix wrote:Don't store the information in the session. Pass it in GET or POST, then validate it on the receiving pages.
I'm was thinking about this way too, but I'm using 3 different ways to call php files in my code.
1) $.ajax({url: del.php}); - this wouldn't be a problem to pass extra param
with other two I'm finding a problem to pass data.
2) window.location = 'get.php';
3) tmp='<a href=get.php>';

I use ajax to call create.php then it comes back to JS again and waits for user's click and calls again get.php or delete.php. I can't really change those two ways and I'm still thinking of using session but I'm don't know how to solve my problem.

Re: sessions - losing varables under the same IP

Posted: Mon May 07, 2012 4:04 pm
by x_mutatis_mutandis_x
Do not allow to create multiple pictures at once.

Code: Select all

//Create.php?
session_start();
if (isset($_SESSION['sesFname'])) {
    echo 'You must delete or download your existing file before you can create another picture. <a href="Delete.php">Click here</a> to delete the file, or <a href="get.php">Click here</a> to download it.';
    exit;
}

 $Fname = str_replace('.','',microtime(true));
 $_SESSION['sesFname'] = $Fname;

Code: Select all

//Delete.php
session_start();
//other processing..
unset($_SESSION['sesFname']);
header('Location:Form.php');

Re: sessions - losing varables under the same IP

Posted: Tue May 08, 2012 7:51 am
by soonic
x_mutatis_mutandis_x wrote:Do not allow to create multiple pictures at once.
Well, I'll do it as you said but at the far end. The idea is to compare pictures before download them. Let's say I open 4-5 tabs with pictures, I choose 2 to download, other I close (delete). I checked on the computers under proxy today and all worked fine, so this isn't a matter of the same IP, but the same browser. I see there no way to make it work without passing a parameter.

Re: sessions - losing varables under the same IP

Posted: Wed May 09, 2012 9:34 am
by x_mutatis_mutandis_x
If you are allowing multiple requests to be initiated (promoting the usage of tabs or creating multiple images), you need to keep track of the created names in your session. So $_SESSION['sesFname'] will be an array of created images, with keys as request parameters to your pages, in which case using sessions is pointless as you can just pass the sesFname as a request parameter accross the pages (which is what requinix suggested).

Your AJAX/javascript calls shouldn't be affected. All you have to do is:
1) $.ajax({url: del.php?sesFname="the filename"});
2) window.location = 'get.php?sesFname="the filename"';
3) tmp='<a href=get.php?sesFname="the filename">';

Re: sessions - losing varables under the same IP

Posted: Wed May 09, 2012 3:48 pm
by soonic
x_mutatis_mutandis_x wrote: Your AJAX/javascript calls shouldn't be affected. All you have to do is:
1) $.ajax({url: del.php?sesFname="the filename"});
2) window.location = 'get.php?sesFname="the filename"';
3) tmp='<a href=get.php?sesFname="the filename">';

Yes, that's what I also found out yesterday. Thank you for pointing this too. I'm still working on it, but so far works fine on localhost. I think my problem is solved. Thank you all for help...this led me to another way of thinking and I'm sure now that using SESSION isn't good in this case.