Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 270
  • Last Modified:

php and session variable

Hello,
  I have a PHP web application that I am have some problem with keeping the session unique.

here is what is happening

1:Open Browser 1 , login .. get a session ID -- Ok
2: Open Browser 2, login with a different user .. get a another session ID --OK
3: Refresh browser 2 --OK
4: Refresh Browser 1 -- It now have brower 2 information -- NOK

Why is it updating Browser 1? Any suggession how to fix it

Thanks for the help
0
SiemensSEN
Asked:
SiemensSEN
3 Solutions
 
Beverley PortlockCommented:
Are "browser 1" and "browser 2" the same browser on the same PC? I would expect the behaviour you describe if Browser 1 and Browser 2 were both Firefox or IE on the same PC, but I would not expect this to be the case if Browser 1 was Firefox and Browser 2 was (say) IE.

What more can you tell us?
0
 
SiemensSENAuthor Commented:
Browser 1 and 2 is FF and on the same PC. I do not get this issue if the browser 1 is IE and Browser2 is FF

I am not doing any special session handling . In by bootstrap file (ZEND) I am calling the session_start() function

Thanks in advance for your help
0
 
Beverley PortlockCommented:
"Browser 1 and 2 is FF and on the same PC. I do not get this issue if the browser 1 is IE and Browser2 is FF"

That is what I expect.

Each Browser maintains a separate "area" on your PC for things like cookies and session stuff  (even though the session data is held on the server) so FF and IE logged in simultaneously will get a session each.

Using two FF windows on the same machine opens only ONE session which they will share between them because the cookie jar is COMMON to all FF instances. When session_start() runs in the second window, it notices that a session is already active and uses that session rather than creating a fresh session.

It can be programmed around, but it is a bit messy.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
pius_babbunCommented:
If you are opening the links in the same browser with different TABS this may occur. But I don't when different browser is refreshed , another browser gets refresh. Each you access any dynamic page the request is sent to the server and you get the response for it. And session id would be created as unique for the request. Hope this helps or clarify this more to arrive at right  answer....
0
 
Beverley PortlockCommented:
"If you are opening the links in the same browser with different TABS this may occur. But I don't when different browser is refreshed"

That's not the case with FF. With FF if you start a new window (not a tabbed one - CTRL-N rather than CTRL-T) the second window has access to the session established by the first window. Other browsers may vary in their behaviour.
0
 
Ray PaseurCommented:
Sorry - it's perfectly normal behavior and it works the way it was designed.  This condition arises because all instances of the same browser use the same cookie jar.  There is no "fix" for this.  Make one instance of your browser be Firefox and the other instance be Internet Explorer, then you will not see the problem.

You can find this condition happening on any cookie-driven interface, including Amazon.com and PayPal.  It's not just your "problem" - it is universal.
0
 
Loganathan NatarajanLAMP DeveloperCommented:
0
 
Beverley PortlockCommented:
Ray said: "There is no "fix" for this."

Well, there is....sort of...... but it's messy.

The solution is to embed an ID in the URL or form. You then use this identifier to access a class or array stored in the session using the URL ID as the key, but you need to encode this into everything you do. If you are security conscious then you can use PHP's mycrypt to encode/decode the value stored in the URL

Messy, but doable.
0
 
Ray PaseurCommented:
Yeah, what I really meant to convey is that there is no (easy, practical, feasible, sane, sensible, utilitarian) fix on the client side of things.  And it's not really a big deal - it only seems to be troublesome to developers.  How many "real-world" clients try to access your web pages from two instances of the browser with two different IDs?  It just doesn't occur outside of the test environment.  That's probably why PayPal and Amazon don't care about this phenomenon.
0
 
Beverley PortlockCommented:
True enough - but it annoys the heck out of me.......
0
 
Ray PaseurCommented:
Me, too.
0
 
Vimal DMCommented:
hai,

Just gothorw the session variable like

-- session_register
-- session_id


 
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now