Jump to content


Photo

Occasional session problem


  • Please log in to reply
1 reply to this topic

#1 mancroft

mancroft
  • Members
  • PipPip
  • Member
  • 10 posts

Posted 21 June 2006 - 03:24 PM

Occasional session problem

Hello

I have done a logger: thelogger.php.

This usually works OK BUT sometimes a user lands on the site, sets the session ID as 4re3ccc...etc and then goes to another file and a new session ID xc3zkf...etc gets set.

The user agent appears to be a standard browser e.g.

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

and not a crawler.

Any idea as to the cause and solution?

Thank you.

Here is the code at the top of the logger file. This file is accessed at the top of every php file by using:

<?php include("thelogger.php"); ?>

The GetTheId() function is used to get the session ID when putting it into the database.

<?php session_start();
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");    

function GetTheId(){ 
if(isset($_COOKIE["theId"])){
return $_COOKIE["theId"];
} 
else
{
session_start();
setcookie("theId", session_id(), time() + 36000, "/", "",0);
return session_id();
}
}




#2 wildteen88

wildteen88
  • Staff Alumni
  • Advanced Member
  • 10,482 posts
  • LocationUK, Bournemouth

Posted 21 June 2006 - 03:28 PM

You say the user is changing the session id! If the user can change the session id then it looks like you script has a major security flaw!!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users