Jump to content

My server is mixing-up sessions


Fahadsafi

Recommended Posts

On 7/13/2007 at 5:36 AM, lemonshindig said:

Figured it out;

 

For all of those who are interested-

It wasn't the sessions that were mixing up, just the usernames.

register_globals was On. I was using $_SESSION['username'] to distinguish the individual user, and i was using $username in a block of code which did a specific action to EACH user's data in the database by using $username as a temperary variable in a foreach loop. Therefore, the last user edited by that block of code

would be registered over $_SESSION['username'], and my check_login script on next request would kick them out.

 

Hope it helps someone.

 

( WordPress)

I have created over 100 users with the subscriber role, including User X and User Y.

I also have 3 administrators, with one designated as the super admin.

Expected Behavior:

User X and User Y, both with the subscriber role, should only have limited access when they log in.

The super admin should have higher privileges, limited to one active session at a time, and require 2FA for added security.

Issue When Using Persistent Login Plugin:

When I activate the WordPress Persistent Login plugin, User X and User Y sometimes randomly log in with super admin access rather than their intended subscriber-level access.

This issue occurs inconsistently and doesn’t affect all subscribers every time. Even though the super admin is restricted to a single session and requires 2FA, the login sessions still appear to get mixed up.

Temporary Solution:

When I deactivate the WordPress Persistent Login plugin, the issue disappears, and users like User X and User Y only have subscriber-level access, as expected.

However, when I reactivate the plugin, the session mix-up issue reappears.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.