
Strange Session problems

Posted: Wed Jul 30, 2008 5:47 pm
by VirtuosiMedia
I'm a little at a loss. I'm developing a site for someone else that involves user registration, login, etc. I have set up the login system that has the following process.

It checks to see if the user email address and password are on file and match and gets a user id.
It generates a unique hash and updates a user sessions table in the DB where the user id matches the one returned above.
The hash is set in the $_SESSION array.

Each page will then check for $_SESSION['hash']. If it exists, it will get the corresponding user data and display the username, else it will display a login bar.

My problem is that the above works, but only most of the time. On occasion, it will display the wrong username when you log in. I haven't been able to replicate the error consistently enough to isolate it because it works correctly most of the time.

I don't have much control over the server environment, but I suspect that it might have some part to play in the error. It's using PHP 4.4.2. Has anyone ever run into something similar? Are there any session settings that might cause a similar error? Any insight would be invaluable. I can post code or other info if needed.

Re: Strange Session problems

Posted: Wed Jul 30, 2008 6:45 pm
by Chalks
Sounds like you're getting sessions with the same id. What are you using to generate the unique hash? How unique is it?

Re: Strange Session problems

Posted: Wed Jul 30, 2008 7:02 pm
by VirtuosiMedia
Chalks wrote: Sounds like you're getting sessions with the same id. What are you using to generate the unique hash? How unique is it?
You could be right. I had thought I was using a timestamp plus a salt wrapped in md5, but it turns out that I was only using that in a different part of my program. What I was using instead was this:

Code:

 
$random = rand(10, 20);
$hash = md5($random.$salt);
 
I'll see what happens if I change it to:

Code:

 
$date = getdate();
$activationCode = md5(implode($date).$salt);
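
The following is an added example, not code from any post in this thread. It reproduces the "wrong username" symptom with both token schemes shown above and compares them with a token drawn from the OS CSPRNG. It assumes PHP 7.4+ (random_bytes() and hash_equals() do not exist on the PHP 4.4.2 mentioned above); the salt, the timestamp, the function names and the in-memory sessions array are constructed for illustration.

```php
<?php
// Added illustration: the salt and the in-memory "sessions table" are constructed.
$salt = 'constructed-salt';

// Scheme from the post: rand(10, 20) can only return 11 different integers.
function legacyToken(string $salt): string {
    return md5(rand(10, 20) . $salt);
}

// Proposed replacement from the post: getdate() has one-second resolution.
function timestampToken(string $salt, int $ts): string {
    return md5(implode(getdate($ts)) . $salt);
}

// Hardened variant (assumption: PHP 7+): 256 bits from the OS CSPRNG.
function randomToken(): string {
    return bin2hex(random_bytes(32));
}

// Mimics "find the user whose stored hash matches $_SESSION['hash']".
function lookupUser(array $sessions, string $hash): ?int {
    foreach ($sessions as $userId => $stored) {
        if (hash_equals($stored, $hash)) {
            return $userId; // first matching row wins, as in a typical SELECT
        }
    }
    return null;
}

// Log in $users accounts and count how many resolve to someone else's row.
function wrongLookups(callable $makeToken, int $users = 12): int {
    $sessions = [];
    for ($id = 1; $id <= $users; $id++) {
        $sessions[$id] = $makeToken();
    }
    $wrong = 0;
    foreach ($sessions as $id => $hash) {
        if (lookupUser($sessions, $hash) !== $id) {
            $wrong++;
        }
    }
    return $wrong;
}

$now = 1217440020; // constructed timestamp: every login lands in the same second
printf("legacy:    %d of 12 users see another account\n", wrongLookups(fn() => legacyToken($salt)));
printf("timestamp: %d of 12 users see another account\n", wrongLookups(fn() => timestampToken($salt, $now)));
printf("csprng:    %d of 12 users see another account\n", wrongLookups('randomToken'));
```

With 12 logins and only 11 possible legacy tokens, at least one collision is guaranteed; a UNIQUE constraint on the token column would turn any remaining collision into a visible insert error instead of a silent account mix-up.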