bootneck2222
asked on
PHP Session problem
Hi, I have a form which uses a PHP session to pass data from one page to another. The problem I'm having is that other users are picking up a session variable when they are also filling the form out at the same time. Users are are asked to provide their unique ID. File 1 has the following PHP session code at the top of the file:
<?php
session_start();
session_cache_limiter('pri
?>
Declare the variable:
$_SESSION['some_data']=$so
Upon submission the next page, File 2 has the same PHP code at the top:
<?php
session_start();
session_cache_limiter('pri
?>
Recall the variable:
$some_data=$_SESSION['some
Kill the session at the base of File 2:
<?php
session_destroy();
?>
Is there a way of assigning a unique session ID to each user so that the $some_data variable is associated with the user?
Any help would be greatly appreciated.
<?php
session_start();
session_cache_limiter('pri
?>
Declare the variable:
$_SESSION['some_data']=$so
Upon submission the next page, File 2 has the same PHP code at the top:
<?php
session_start();
session_cache_limiter('pri
?>
Recall the variable:
$some_data=$_SESSION['some
Kill the session at the base of File 2:
<?php
session_destroy();
?>
Is there a way of assigning a unique session ID to each user so that the $some_data variable is associated with the user?
Any help would be greatly appreciated.
ASKER
Hi Dave, thanks for your comment. If a unique ID is assigned to each session, then why is user2 getting some of user1's data? Is there away of ensuring that user1 and user2's data is only accessible by themselves based on session ID?
I should mention that I'm new to PHP sessions.
I should mention that I'm new to PHP sessions.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
In addition to sharing the 'cookie jar', 'sessions' do not expire from the browser until all windows are closed and it is shut down completely. As long as you have even one window open, the session cookie will remain valid unless you specifically destroy the session and the cookie that goes with it.
ASKER
Thanks Ray for solutions(s) and the clarity on the session process.
You hit the nail on the head I was running a test in the same browser on the same PC which explained the cross-pollination of cookies.
You hit the nail on the head I was running a test in the same browser on the same PC which explained the cross-pollination of cookies.
As long as you have even one window open, the session cookie will remain valid unless you specifically destroy the session and the cookie that goes with it.Dave: I think you're right about the cookie, but it's only one part of the scheme. Long periods of inactivity can lead to session garbage-collection, and this may destroy the session data. Even if the cookie is still valid, the session may be lost because the data is not there any more. The default value for the wait from last activity to garbage collection is 24 minutes.
Yes, but you already covered everything else!
By the way, please read http://us3.php.net/manual/en/function.session-destroy.php . session_destroy() by itself is not considered adequate to remove all session data for a user.
And you may find that session_cache_limiter() is not doing what you want. http://us3.php.net/manual/en/function.session-cache-limiter.php 'must-revalidate' is not on the list of supported items though as shown in the comments, you can set it in a separate header.