session management


Mehdi

Hi,

My PHP application behaves abnormally. The code used to manage the session is:

  include_once "classesFiles";

  session_start ();

  // check for the first visit
  if (!isset ($_SESSION ['anObject']))
    $_SESSION ['anObject'] = new Object ();
  
  $username = "xxx";
  $password = "yyy";


  // strict comparison (===) avoids PHP type juggling on the credentials
  if (isset ($_POST ['username']) && isset ($_POST ['password']) && 
      $_POST ['username'] === $username && $_POST ['password'] === $password)
    $_SESSION ['anObject'] -> setRole (Role::ADMIN);

  if (InputChecker::getPageAction ($_GET ['p']) == PageAction::LOGOUT)
    $_SESSION ['anObject'] -> setRole (Role::VISITOR);
...

 

I tested the code as follows:

1- go to the site

2- log in

3- make a new tab in the same browser

4- go to the site from the new tab (I am already logged in)

5- log out from the new tab

6- go to the first tab

7- refresh the tab. I am still logged in (I find this behavior abnormal)

 

The second test:

1- go to the site

2- log in

3- make a new tab in the same browser

4- go to the site from the new tab (I am already logged in)

5- go to the first tab

6- log out

7- go to the second tab

8- refresh the tab. I am logged out (I find this normal)

 

The order of tabs from which I log out is important.

 

Does anyone have an idea why the first test does not work normally?

Thanks,

 

Link to comment
Share on other sites

if (!isset ($_SESSION ['anObject']))

    $_SESSION ['anObject'] = new Object ();

 

Try:

<?php
if (!isset($_SESSION['anObject'])) {
  // Is NOT logged in
} else {
  if ($_SESSION['anObject'] != "some_string_or_whatever_here_to_stop_spoofing") {
    // Is NOT logged in
  } else {
    // Is logged in
  }
}
?>

Link to comment
Share on other sites

A) I could not repeat your symptom using my own login script under the latest FF4 or IE8. In the first case, logging out in the second tab resulted in the first tab being logged out when it was refreshed.

 

B) You didn't tell us which browser you used or if you tried this in other browsers or if this is repeatable after completely closing your browser or if you have set the session.cookie_lifetime to a non-zero value to make a session last when the browser is completely closed...

 

C) You didn't post enough of your code so that someone could reproduce the problem using your code.

 

D) Your symptom is that of having two different sessions, probably due to different host-names/sub-domains (one with and one without the www. on it) from previous testing or redirects/links within your code (some with and some without the www. on them.)

Link to comment
Share on other sites
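The two-session cause described in point D above (one session cookie per host name, with and without the www.), shown as an added example that is not code from any poster in this thread. It assumes PHP 7.3 or later; `www.example.com` is a placeholder host and the function names are hypothetical.

```php
<?php
// Added example; CANONICAL_HOST is a placeholder, not a value from the thread.
const CANONICAL_HOST = 'www.example.com';

/** Return the redirect URL for a non-canonical host, or null if canonical. */
function canonicalRedirect(string $host, string $requestUri): ?string
{
    // Strip an optional port and compare case-insensitively.
    $hostOnly = strtolower(preg_replace('/:\d+$/', '', $host));
    if ($hostOnly === CANONICAL_HOST) {
        return null;
    }
    // Build the target from the constant, never from the client's Host header.
    return 'https://' . CANONICAL_HOST . $requestUri;
}

/** Use in place of session_start(): one host name, one session cookie. */
function startCanonicalSession(): void
{
    $target = canonicalRedirect($_SERVER['HTTP_HOST'] ?? '',
                                $_SERVER['REQUEST_URI'] ?? '/');
    if ($target !== null) {
        header('Location: ' . $target, true, 301);
        exit;
    }
    session_set_cookie_params([
        'lifetime' => 0,     // session cookie: dropped when the browser closes
        'path'     => '/',
        'domain'   => '',    // host-only cookie: sent to the canonical host only
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

/** Log out by discarding the whole session, not by changing a role flag. */
function logout(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires'  => time() - 3600,    'path'     => $p['path'],
        'domain'   => $p['domain'],     'secure'   => $p['secure'],
        'httponly' => $p['httponly'],   'samesite' => $p['samesite'],
    ]);
    session_destroy();
}
```

With every request forced onto one host name before `session_start()` runs, a logout in any tab acts on the same session that every other tab is using.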

Tested browsers:

firefox 3.6.16

chromium 10.0.648.133

IE 8

 

 

The content of index.php.

<?php
  include_once 'Webshop.php';       // class Webshop
  include_once 'InputChecker.php'; // static class InputChecker
  include_once 'LayoutMaker.php'; // static class LayoutMaker

  session_start ();

  // check for the first visit
  if (!isset ($_SESSION ['webshop']))
    $_SESSION ['webshop'] = new Webshop ();



  // handles all input from $_POST
  include_once 'postChecker.php';

  if (InputChecker::getPageAction ($_GET ['p']) == PageAction::LOGOUT)
    $_SESSION ['webshop'] -> setRole (Role::VISITOR);


  if (InputChecker::isInputCorrect ($_GET ['c'], $_GET ['s'], $_GET ['b'],
                                  $_GET ['p'],
                                  $_SESSION ['webshop'] -> getCategories (),
                                  $_SESSION ['webshop'] -> getBrands ()))
  {
    echo LayoutMaker::getTop ();
    echo LayoutMaker::getPageWithPointers ($_GET ['c'], $_GET ['s'],
                                  $_GET ['b'], $_GET ['a'], $_GET ['p'],
                                  $_SESSION ['webshop'] -> getRole (),
                                  $_SESSION ['webshop'] -> getCategories (),
                                  $_SESSION ['webshop'] -> getBrands ());
    echo LayoutMaker::getBottom ($_SESSION ['webshop'] -> getRole ());
  }
  else
  {
    echo LayoutMaker::getTop ();
    echo LayoutMaker::getPageWithoutPointers ($_SESSION ['webshop'] -> getCategories ());
    echo LayoutMaker::getBottom ();
  }
?>

 

Content of postChecker.php:

<?php
  require_once '/someWhere/loginInfoSite.php'; // contains username and password
  // strict comparison (===) avoids PHP type juggling on the credentials
  if (isset ($_POST ['username']) && isset ($_POST ['password']) &&
      $_POST ['username'] === $username && $_POST ['password'] === $password)
    $_SESSION ['webshop'] -> setRole (Role::ADMIN);
?>

 

 

Link to comment
Share on other sites
