Jump to content

Archived

This topic is now archived and is closed to further replies.

mancroft

Occasional session problem

Recommended Posts

Occasional session problem

Hello

I have done a logger: thelogger.php.

This usually works OK BUT sometimes a user lands on the site, sets the session ID as 4re3ccc...etc and then goes to another file and a new session ID xc3zkf...etc gets set.

The user agent appears to be a standard browser e.g.

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

and not a crawler.

Any idea as to the cause and solution?

Thank you.

Here is the code at the top of the logger file. This file is accessed at the top of every php file by using:

[code]
<?php include("thelogger.php"); ?>
[/code]

The GetTheId() function is used to get the session ID when putting it into the database.

[code]
<?php session_start();
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");    

function GetTheId(){
if(isset($_COOKIE["theId"])){
return $_COOKIE["theId"];
}
else
{
session_start();
setcookie("theId", session_id(), time() + 36000, "/", "",0);
return session_id();
}
}

[/code]

Share this post


Link to post
Share on other sites
You say the user is changing the session id! If the user can change the session id then it looks like you script has a major security flaw!!

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.