PHP - User Data and cacheing ..HELP!

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
nialler
Forum Newbie
Posts: 4
Joined: Mon Dec 01, 2008 3:57 am

PHP - User Data and cacheing ..HELP!

Post by nialler »

Hi.
I have a site which uses php / mysql to transact user data. The user logs in, chooses some option, this is saved to his/her account (mysql db). What is sometimes happening is:
User A logs in.
Cookie is set for User A.
User B visits site, and appears to be logged in as User A! (Or any random other user) Although - there is no cookie. I cannot always reproduce this and can only imagine that the html displayed to User B is some cached data.

Anybody ever experience this before?
Any help much appreciated .. :-)

nialler
Hannes2k
Forum Contributor
Posts: 102
Joined: Fri Oct 24, 2008 12:22 pm

Re: PHP - User Data and cacheing ..HELP!

Post by Hannes2k »

Hi,
do User A and User B uses the same computer? Do you use the session function of PHP or have you written something by your own?
nialler
Forum Newbie
Posts: 4
Joined: Mon Dec 01, 2008 3:57 am

Re: PHP - User Data and cacheing ..HELP!

Post by nialler »

No sessions, simple website which stores data chosen by users. User A logs on. Database is queried for user matching this username / password combination. On success, a cookie is written containing user_id, username, etc. This cookie can be verified to exist and expires at end of session.
User B visits site (not logged in) and is presented with User A's welcome message, and other data. (eg: "Welcome, UserA. You have 12 points"). There is no cookie. I have managed to re-create this intermittently and upon refresh, sometimes the user I appear to be changes! I have no idea what's causing this. I thought it could have something to do with using the global keyword in functions, but have removed usage of these and still no success. I'm running Apache 2 with php 5.1.6 on Red Hat Linux (Not sure of version, but fairly recent) Does Apache 2 cache results of PHP scripts, by any chance?
As I say - any help very much appreciated ..
Confusedly,
nialler
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: PHP - User Data and cacheing ..HELP!

Post by Mordred »

My magic clairvoyance ball says: "Dude, I only see in the future, not in someone else's problems with no code posted"
I'm not sure what it means ;)
nialler
Forum Newbie
Posts: 4
Joined: Mon Dec 01, 2008 3:57 am

Re: PHP - User Data and cacheing ..HELP!

Post by nialler »

Posting code won't help at all and would just take up space in the forum. It works as explained - the question I am asking is: has anyone ever heard of a php page being cached on the server?

Slán,
nialler
nialler
Forum Newbie
Posts: 4
Joined: Mon Dec 01, 2008 3:57 am

Re: PHP - User Data and cacheing ..HELP!

Post by nialler »

Ok - SO I suppose this is a fairly unique problem and nobody has encountered it. :banghead: I just discovered that the site is behind a load balancer, despite the fact that it is running on only one box .. Anybody know if this could be an issue?
nialler
User avatar
Eran
DevNet Master
Posts: 3549
Joined: Fri Jan 18, 2008 12:36 am
Location: Israel, ME

Re: PHP - User Data and cacheing ..HELP!

Post by Eran »

SO I suppose this is a fairly unique problem and nobody has encountered it
Actually its a pretty common problem - people come here all the time and ask for help, but aren't willing to divulge much information. If you explained more clearly and in greater detail what exactly do you need, you will find people here to be much more cooperative. And if they ask you to post code, please do so.
Post Reply