My server is mixing-up sessions

[Fahadsafi]

On 7/13/2007 at 5:36 AM, lemonshindig said:

Figured it out;

 

For all of those who are interested-

It wasn't the sessions that were mixing up, just the usernames.

register_globals was On. I was using $_SESSION['username'] to distinguish the individual user, and i was using $username in a block of code which did a specific action to EACH user's data in the database by using $username as a temperary variable in a foreach loop. Therefore, the last user edited by that block of code

would be registered over $_SESSION['username'], and my check_login script on next request would kick them out.

 

Hope it helps someone.

 

( WordPress)

I have created over 100 users with the subscriber role, including User X and User Y.

I also have 3 administrators, with one designated as the super admin.

Expected Behavior:

User X and User Y, both with the subscriber role, should only have limited access when they log in.

The super admin should have higher privileges, limited to one active session at a time, and require 2FA for added security.

Issue When Using Persistent Login Plugin:

When I activate the WordPress Persistent Login plugin, User X and User Y sometimes randomly log in with super admin access rather than their intended subscriber-level access.

This issue occurs inconsistently and doesn’t affect all subscribers every time. Even though the super admin is restricted to a single session and requires 2FA, the login sessions still appear to get mixed up.

Temporary Solution:

When I deactivate the WordPress Persistent Login plugin, the issue disappears, and users like User X and User Y only have subscriber-level access, as expected.

However, when I reactivate the plugin, the session mix-up issue reappears.

[maxxd]

Then it seems like an issue with the plugin - your best bet is to reach out to the developer about it.