Mehdi Posted April 3, 2011 Share Posted April 3, 2011 Hi, My php application works abnormal. The used code to mange session is: include_once "classesFiles"; session_start (); // check for the first visit if (!isset ($_SESSION ['anObject'])) $_SESSION ['anObject'] = new Object (); $username = "xxx"; $password = "yyy"; if (isset ($_POST ['username']) && isset ($_POST ['password']) && $_POST ['username'] == $username && $_POST ['password'] == $password) $_SESSION ['anObject'] -> setRole (Role::ADMIN); if (InputChecker::getPageAction ($_GET ['p']) == PageAction::LOGOUT) $_SESSION ['anObject'] -> setRole (Role::VISITOR); ... I tested the code as follow: 1- go to the site 2- log in 3- make a new tab in the same browser 4- go to the site from the new tab (I am already logged in) 5- log out from the new tab 6- go to the first tab 7- refresh the tab. I am still logged in (I find this behavior abnormal) The second test: 1- go to the site 2- log in 3- make a new tab in the same browser 4- go to the site from the new tab (I am already logged in) 5- go to the first tab 6- log out 7- go to the second tab 8- refresh the tab. I am logged out (I find this normal) The order of tabs from which I log out is important. Does anyone have an idea why the first test dose not work normal? Thanks, Quote Link to comment https://forums.phpfreaks.com/topic/232561-session-management/ Share on other sites More sharing options...
j9sjam3 Posted April 3, 2011 Share Posted April 3, 2011 if (!isset ($_SESSION ['anObject'])) $_SESSION ['anObject'] = new Object (); Try: <?php if(!isset($_SESSION['anObject'])) { // Is NOT logged in } else { if($_SESSION['anObject'] != "some_string_or_whatever_here_to_stop_spoofing") { // Is NOT Logged in } else { // is Logged in } Quote Link to comment https://forums.phpfreaks.com/topic/232561-session-management/#findComment-1196215 Share on other sites More sharing options...
PFMaBiSmAd Posted April 3, 2011 Share Posted April 3, 2011 A) I could not repeat your symptom using my own login script under the latest FF4 or IE8. In the first case, logging out in the second tab resulted in the first tab being logged out when it was refreshed. B) You didn't tell us which browser you used or if you tried this in other browsers or if this is repeatable after completely closing your browser or if you have set the session.cookie_lifetime to a non-zero value to make a session last when the browser is completely closed... C) You didn't post enough of your code so that someone could reproduce the problem using your code, D) Your symptom is that of having two different sessions, probably due to different host-names/sub-domains (one with and one without the www. on it) from previous testing or redirects/links within your code (some with and some without the www. on them.) Quote Link to comment https://forums.phpfreaks.com/topic/232561-session-management/#findComment-1196224 Share on other sites More sharing options...
Mehdi Posted April 3, 2011 Author Share Posted April 3, 2011 Tested browsers: firefox 3.6.16 chromium 10.0.648.133 IE 8 The content of index.php. <?php include_once 'Webshop.php'; // class Webshop include_once 'InputChecker.php'; // static class InputChecke include_once 'LayoutMaker.php'; // static class LayoutMaker session_start (); // check for the first visit if (!isset ($_SESSION ['webshop'])) $_SESSION ['webshop'] = new Webshop (); // handels all input from $_POST include_once 'postChecker.php'; if (InputChecker::getPageAction ($_GET ['p']) == PageAction::LOGOUT) $_SESSION ['webshop'] -> setRole (Role::VISITOR); if (InputChecker::isInputCorrect ($_GET ['c'], $_GET ['s'], $_GET ['b'], $_GET ['p'], $_SESSION ['webshop'] -> getCategories (), $_SESSION ['webshop'] -> getBrands ())) { echo LayoutMaker::getTop (); echo LayoutMaker::getPageWithPointers ($_GET ['c'], $_GET ['s'], $_GET ['b'], $_GET ['a'], $_GET ['p'], $_SESSION ['webshop'] -> getRole (), $_SESSION ['webshop'] -> getCategories (), $_SESSION ['webshop'] -> getBrands ()); echo LayoutMaker::getBottom ($_SESSION ['webshop'] -> getRole ()); } else { echo LayoutMaker::getTop (); echo LayoutMaker::getPageWithoutPointers ($_SESSION ['webshop'] -> getCategories ()); echo LayoutMaker::getBottom (); } ?> Content of postChecker.php: <?php require_once '/someWhere/loginInfoSite.php'; // contains username and password if (isset ($_POST ['username']) && isset ($_POST ['password']) && $_POST ['username'] == $username && $_POST ['password'] == $password) $_SESSION ['webshop'] -> setRole (Role::ADMIN); ?> Quote Link to comment https://forums.phpfreaks.com/topic/232561-session-management/#findComment-1196261 Share on other sites More sharing options...
Mehdi Posted April 3, 2011 Author Share Posted April 3, 2011 Any ideas? Quote Link to comment https://forums.phpfreaks.com/topic/232561-session-management/#findComment-1196311 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.