Strange Session problems

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
VirtuosiMedia
Forum Contributor
Posts: 133
Joined: Thu Jun 12, 2008 6:16 pm

Strange Session problems

Post by VirtuosiMedia »

I'm a little at a loss. I'm developing a site for someone else that involves user registration, login, etc. I have set up the login system that has the following process.

It checks to see if the user email address and password are on file and match and gets a user id.
It generates a unique hash and updates a user sessions table in the DB where the user id matches the one returned above.
The hash is set in the $_SESSION array.

Each page will then check for $_SESSION['hash']. If it exists, it will get the corresponding user data and display the username, else it will display a login bar.

My problem is that the above works, but only most of the time. On occasion, it will display the wrong username when you login. I haven't been able to replicate the error consistently enough to isolate it because it works correctly most of the time.

I don't have much control over the server environment, but I suspect that it might have some part to play in the error. It's using PHP 4.4.2. Has anyone ever run into something similar? Are there any session settings that might cause a similar error? Any insight would be invaluable. I can post code or other info if needed.
User avatar
Chalks
Forum Contributor
Posts: 447
Joined: Thu Jul 12, 2007 7:55 am
Location: Indiana

Re: Strange Session problems

Post by Chalks »

sounds like you're getting sessions with the same id. What are you using to generate the unique hash? How unique is it?
User avatar
VirtuosiMedia
Forum Contributor
Posts: 133
Joined: Thu Jun 12, 2008 6:16 pm

Re: Strange Session problems

Post by VirtuosiMedia »

Chalks wrote:sounds like you're getting sessions with the same id. What are you using to generate the unique hash? How unique is it?
You could be right. I had thought I was using a timestamp plus a salt wrapped in md5, but it turns out that I was only using that in a different part of my program. What I was using instead was this:

Code: Select all

 
$random = rand(10, 20);
$hash = md5($random.$salt);
 
I'll see what happens if I change it to:

Code: Select all

 
$date = getdate();
$activationCode = md5(implode($date).$salt);
 
Post Reply