Strange Session problems
Posted: Wed Jul 30, 2008 5:47 pm
I'm a little at a loss. I'm developing a site for someone else that involves user registration, login, etc. I have set up the login system that has the following process.
It checks to see if the user email address and password are on file and match and gets a user id.
It generates a unique hash and updates a user sessions table in the DB where the user id matches the one returned above.
The hash is set in the $_SESSION array.
Each page will then check for $_SESSION['hash']. If it exists, it will get the corresponding user data and display the username, else it will display a login bar.
My problem is that the above works, but only most of the time. On occasion, it will display the wrong username when you login. I haven't been able to replicate the error consistently enough to isolate it because it works correctly most of the time.
I don't have much control over the server environment, but I suspect that it might have some part to play in the error. It's using PHP 4.4.2. Has anyone ever run into something similar? Are there any session settings that might cause a similar error? Any insight would be invaluable. I can post code or other info if needed.
It checks to see if the user email address and password are on file and match and gets a user id.
It generates a unique hash and updates a user sessions table in the DB where the user id matches the one returned above.
The hash is set in the $_SESSION array.
Each page will then check for $_SESSION['hash']. If it exists, it will get the corresponding user data and display the username, else it will display a login bar.
My problem is that the above works, but only most of the time. On occasion, it will display the wrong username when you login. I haven't been able to replicate the error consistently enough to isolate it because it works correctly most of the time.
I don't have much control over the server environment, but I suspect that it might have some part to play in the error. It's using PHP 4.4.2. Has anyone ever run into something similar? Are there any session settings that might cause a similar error? Any insight would be invaluable. I can post code or other info if needed.