Session details gets clashed

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

ishakya
Forum Commoner
Posts: 40
Joined: Tue Jan 04, 2011 4:58 am

Session details gets clashed

Post by ishakya »

Hi all,
I think I'm always new to PHP because I have lots of things to learn.
So I have a problem.
I have two separate systems, and different users log in to these systems. I open those two systems and type different user names and passwords for them.
Site 1: user name - ABC
Site 2: user name - XYZ

After some time, I log off from site 2, and when I check site 1, its username has changed to XYZ. When I click on a page in site 1, site 1's sessions are expired and it directs me to the index page. :banghead:
I think that is a problem when we come to the real world.
So is there any way to prevent that?
Hope everyone got the idea...
Waiting for your quick reply. Thanks in advance.
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: Session details gets clashed

Post by Mordred »

Do you mean that this happens on localhost? May be cookies overwriting each other, hard to tell without seeing your login code.
ishakya
Forum Commoner
Posts: 40
Joined: Tue Jan 04, 2011 4:58 am

Re: Session details gets clashed

Post by ishakya »

No, this happens on the server also.
This is the login code:

Code:

<?php
// Start the session only if one is not already active.
if (!isset($_SESSION)) {
  session_start();
}
require_once('library/myconn.php');
require_once('library/functions.php');

// *** Validate request to login to this site.
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['uname'])) {
  $loginUsername = $_POST['uname'];
  $password = $_POST['pword'];

  /*$redirectLoginSuccess_sadmin = "user/sadmin_home.php";
  $redirectLoginSuccess_admin = "user/home.php";
  $redirectLoginSuccess_user = "user/user_home.php";
  $redirectLoginSuccess_client = "user/client_home.php";*/

  $redirectLoginSuccess_sadmin = "import/add_job.php";

  $redirectLoginFailed = "index.php";

  // Look the user up by user name and password.
  $LoginRS__query = sprintf("SELECT * FROM tbl_com_user WHERE user_uname=%s AND user_pword=%s", GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));

  $LoginRS = mysql_query($LoginRS__query, $myconn) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  //$rowent = mysql_fetch_array($LoginRS);
  //$user_level=$rowent[8];

  //Get the user level

  if ($loginFoundUser) {
    $r = mysql_fetch_assoc($LoginRS);
    //declare session variables and assign them
    $_SESSION['s_username'] = $r['user_uname'];
    $_SESSION['s_userpword'] = $r['user_pword'];
    $_SESSION['s_mytimezone'] = $r['user_timezone'];
    $_SESSION['s_user_id'] = $r['user_id'];
    $_SESSION['s_my_com_id'] = $r['my_com_id'];
    $_SESSION['s_user_email'] = $r['user_email'];
    $_SESSION['s_user_level'] = $r['user_level'];
    $_SESSION['s_user_tel'] = $r['user_tel'];

    header("Location: " . $redirectLoginSuccess_sadmin);
    exit; // stop here so nothing else runs after the redirect

    /*if($_SESSION['s_user_level']=="sadmin"){
      header("Location: ". $redirectLoginSuccess_sadmin);
    }
    if($_SESSION['s_user_level']=="admin"){
      header("Location: ". $redirectLoginSuccess_admin);
    }
    if($_SESSION['s_user_level']=="user"){
      header("Location: ". $redirectLoginSuccess_user);
    }
    if($_SESSION['s_user_level']=="client"){
      header("Location: ". $redirectLoginSuccess_client);
    }*/
  }
  else {
    header("Location: " . $redirectLoginFailed);
    exit; // stop here so nothing else runs after the redirect
    //header("Location: import/add_job.php");
  }
}
?>
This part is the functionality part. When I log off from site 1, site 2's sessions get crashed. What will happen if we use a separate company id to track the session?
I'm just asking....... :(
Please help me to solve this.
Thanks in advance
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: Session details gets clashed

Post by social_experiment »

ishakya wrote: I have two separate systems, and different users log in to these systems.
Is this on two separate workstations as well?
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
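Added example, not code from any post in this thread: if both systems are served from the same hostname, they share PHP's default `PHPSESSID` cookie, which matches the "cookies overwriting each other" possibility raised above. This sketch gives one system its own session cookie name and path; `SITE1SESSID`, `/site1/` and the `app_*` function names are assumptions, and the thread does not confirm that this is the cause.

```php
<?php
// Added example, not the poster's code. Assumes both systems run on one
// hostname under different directories. Include this file on every page of
// site 1 instead of calling session_start() directly; site 2 gets its own
// copy with a different name and path.

const APP_SESSION_NAME = 'SITE1SESSID'; // hypothetical; site 2 would use another name
const APP_COOKIE_PATH  = '/site1/';     // hypothetical directory of this system

function app_session_start()
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    // With the default name, both systems read the same cookie, load the same
    // session file, and overwrite each other's $_SESSION['s_username'] etc.
    session_name(APP_SESSION_NAME);
    // Scope the cookie to this system's directory; HttpOnly on, Secure on HTTPS.
    $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    session_set_cookie_params(0, APP_COOKIE_PATH, '', $secure, true);
    session_start();
}

function app_login(array $userRow)
{
    app_session_start();
    // Issue a fresh session id at login so a pre-login id is never reused.
    session_regenerate_id(true);
    $_SESSION['s_user_id']    = $userRow['user_id'];
    $_SESSION['s_username']   = $userRow['user_uname'];
    $_SESSION['s_user_level'] = $userRow['user_level'];
}

function app_logout()
{
    app_session_start();
    $_SESSION = array();
    // Expire only this system's cookie, using the name and path it was set
    // with, so logging off here leaves the other system's session untouched.
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 3600,
              $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
}
```

In a browser's developer tools, each system should then show its own session cookie with its own path, and logging off from one should leave the other cookie in place.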