Jump to content

Archived

This topic is now archived and is closed to further replies.

mikejarrett

Users getting connected to a different session

Recommended Posts

I have an application that, upon successful login, stores the name of the MySQL database and various other values in $_SESSION varibles. There have been several instances where it appears that a user in one database seems to connect to the session of another.

The session process that I am using is simple:

<?php
session_start();
...

and my connections to the database are though:

@ $db = mysql_pconnect(host, user, password);

mysql_select_db($_SESSION['dbname']);

Many of my databases have the same table names, so that a user may see data that should be seen only by another.

I am not terminating my pconnect or database queries -- and it seems that the termination of the scripts should all end them cleanly, right? Is there anything that I need to be doing with my $_SESSION that would cause it to work incorrectly? The SESSION stuff has seems to work well, but it pretty much magic to me. Should I store the session values in local cookies rather then on the server (at least, that is where I think that I am storing them)? Do I have to worry about how the server points one session file to another? Is there something that I need to think about regarding the naming of session?

Thanks for your help.

Mike

Share this post


Link to post
Share on other sites
Ok, I'll post my own answer.

What was happening was my session was timing out, and the $_SESSION['dbname'] was not set. If you call a pconnect without selecting a database, it will grab a database randomly (that is, it probably uses a connection that is pre-connected to a database). I have built a test case that proved my hypothesis.

So, how to fix? I can either test the $_SESSION['dbname'] or probably a connect (not pconnect) would work. I think that I am going to go with the first -- but do you know the difference of connect vs. pconnect?

Share this post


Link to post
Share on other sites
If you don't know the difference between pconnect and connect you do NOT need pconnect. Without going into detail, unless you are absolutely sure you know what you are doing, pconnect is a complete resource hog and usually impractical.

My bigest question however is.... Why do your users require individual databases?

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.