Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

PHP Session problem

Posted on 2014-08-19
8
Medium Priority
?
442 Views
Last Modified: 2014-08-19
Hi, I have a form which uses a PHP session to pass data from one page to another. The problem I'm having is that other users are picking up a session variable when they are also filling the form out at the same time. Users are are asked to provide their unique ID. File 1 has the following PHP session code at the top of the file:

<?php
session_start();

session_cache_limiter('private, must-revalidate');
?>


Declare the variable:

$_SESSION['some_data']=$some_data;

Upon submission the next page, File 2 has the same PHP code at the top:

<?php
session_start();

session_cache_limiter('private, must-revalidate');
?>


Recall the variable:

$some_data=$_SESSION['some_data'];

Kill the session at the base of File 2:

<?php
session_destroy();
?>


Is there a way of assigning a unique session ID to each user so that the $some_data variable is associated with the user?

Any help would be greatly appreciated.
0
Comment
Question by:bootneck2222
  • 3
  • 3
  • 2
8 Comments
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 40269681
session_start(); always assigns a unique id to each new session user.  What makes you think it isn't?  

By the way, please read http://us3.php.net/manual/en/function.session-destroy.php .  session_destroy() by itself is not considered adequate to remove all session data for a user.

And you may find that session_cache_limiter() is not doing what you want.  http://us3.php.net/manual/en/function.session-cache-limiter.php  'must-revalidate' is not on the list of supported items though as shown in the comments, you can set it in a separate header.
0
 

Author Comment

by:bootneck2222
ID: 40269715
Hi Dave, thanks for your comment. If a unique ID is assigned to each session, then why is user2 getting some of user1's data? Is there away of ensuring that user1 and user2's data is only accessible by themselves based on session ID?

I should mention that I'm new to PHP sessions.
0
 
LVL 111

Accepted Solution

by:
Ray Paseur earned 2000 total points
ID: 40269871
Step one: Ask yourself why you're using this function.  If you can't explain it in layman's terms, remove it!
http://www.php.net/manual/en/function.session-cache-limiter.php

You may be overthinking the whole session concept.  Please read this article and follow the design patterns shown there.  Then post back with your SSCCE illustrating the problem if it still exists.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11909-PHP-Sessions-Simpler-Than-You-May-Think.html

If you're new to PHP in general, this article may help you find some good learning resources (and more importantly, it may keep you away from the many bad examples of PHP code that litter the internet!)
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11769-And-by-the-way-I-am-new-to-PHP.html
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 111

Assisted Solution

by:Ray Paseur
Ray Paseur earned 2000 total points
ID: 40269877
... why is user2 getting some of user1's data?
In a properly configured system this will not occur, however you have to understand the nature of the browser and the way HTTP cookies work.  All instances of the browser share the same cookie jar, and therefore if user2 and user1 are running on the same computer (for example in a test environment) and are using the same browser, either in tabs or windows, there will be unwanted cross-pollination of the cookies.  It's explained in the articles linked above.  If this is not the case, and you have separate physical machines but still find confusion about the session data, then we have a different problem that would lead me to indict the server configuration.  More information would be needed to obtain a conviction!
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 40269955
In addition to sharing the 'cookie jar', 'sessions' do not expire from the browser until all windows are closed and it is shut down completely.  As long as you have even one window open, the session cookie will remain valid unless you specifically destroy the session and the cookie that goes with it.
0
 

Author Closing Comment

by:bootneck2222
ID: 40269972
Thanks Ray for solutions(s) and the clarity on the session process.

You hit the nail on the head I was running a test in the same browser on the same PC which explained the cross-pollination of cookies.
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 40270189
As long as you have even one window open, the session cookie will remain valid unless you specifically destroy the session and the cookie that goes with it.
Dave: I think you're right about the cookie, but it's only one part of the scheme.  Long periods of inactivity can lead to session garbage-collection, and this may destroy the session data.  Even if the cookie is still valid, the session may be lost because the data is not there any more.  The default value for the wait from last activity to garbage collection is 24 minutes.
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 40270779
Yes, but you already covered everything else!
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
The title says it all. Writing any type of PHP Application or API code that provides high throughput, while under a heavy load, seems to be an arcane art form (Black Magic). This article aims to provide some general guidelines for producing this typ…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …
Suggested Courses

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question