PHP Session problem

Hi, I have a form which uses a PHP session to pass data from one page to another. The problem I'm having is that other users are picking up a session variable when they are also filling the form out at the same time. Users are are asked to provide their unique ID. File 1 has the following PHP session code at the top of the file:

<?php
session_start();

session_cache_limiter('private, must-revalidate');
?>


Declare the variable:

$_SESSION['some_data']=$some_data;

Upon submission the next page, File 2 has the same PHP code at the top:

<?php
session_start();

session_cache_limiter('private, must-revalidate');
?>


Recall the variable:

$some_data=$_SESSION['some_data'];

Kill the session at the base of File 2:

<?php
session_destroy();
?>


Is there a way of assigning a unique session ID to each user so that the $some_data variable is associated with the user?

Any help would be greatly appreciated.
bootneck2222Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dave BaldwinFixer of ProblemsCommented:
session_start(); always assigns a unique id to each new session user.  What makes you think it isn't?  

By the way, please read http://us3.php.net/manual/en/function.session-destroy.php .  session_destroy() by itself is not considered adequate to remove all session data for a user.

And you may find that session_cache_limiter() is not doing what you want.  http://us3.php.net/manual/en/function.session-cache-limiter.php  'must-revalidate' is not on the list of supported items though as shown in the comments, you can set it in a separate header.
0
bootneck2222Author Commented:
Hi Dave, thanks for your comment. If a unique ID is assigned to each session, then why is user2 getting some of user1's data? Is there away of ensuring that user1 and user2's data is only accessible by themselves based on session ID?

I should mention that I'm new to PHP sessions.
0
Ray PaseurCommented:
Step one: Ask yourself why you're using this function.  If you can't explain it in layman's terms, remove it!
http://www.php.net/manual/en/function.session-cache-limiter.php

You may be overthinking the whole session concept.  Please read this article and follow the design patterns shown there.  Then post back with your SSCCE illustrating the problem if it still exists.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11909-PHP-Sessions-Simpler-Than-You-May-Think.html

If you're new to PHP in general, this article may help you find some good learning resources (and more importantly, it may keep you away from the many bad examples of PHP code that litter the internet!)
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11769-And-by-the-way-I-am-new-to-PHP.html
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

Ray PaseurCommented:
... why is user2 getting some of user1's data?
In a properly configured system this will not occur, however you have to understand the nature of the browser and the way HTTP cookies work.  All instances of the browser share the same cookie jar, and therefore if user2 and user1 are running on the same computer (for example in a test environment) and are using the same browser, either in tabs or windows, there will be unwanted cross-pollination of the cookies.  It's explained in the articles linked above.  If this is not the case, and you have separate physical machines but still find confusion about the session data, then we have a different problem that would lead me to indict the server configuration.  More information would be needed to obtain a conviction!
0
Dave BaldwinFixer of ProblemsCommented:
In addition to sharing the 'cookie jar', 'sessions' do not expire from the browser until all windows are closed and it is shut down completely.  As long as you have even one window open, the session cookie will remain valid unless you specifically destroy the session and the cookie that goes with it.
0
bootneck2222Author Commented:
Thanks Ray for solutions(s) and the clarity on the session process.

You hit the nail on the head I was running a test in the same browser on the same PC which explained the cross-pollination of cookies.
0
Ray PaseurCommented:
As long as you have even one window open, the session cookie will remain valid unless you specifically destroy the session and the cookie that goes with it.
Dave: I think you're right about the cookie, but it's only one part of the scheme.  Long periods of inactivity can lead to session garbage-collection, and this may destroy the session data.  Even if the cookie is still valid, the session may be lost because the data is not there any more.  The default value for the wait from last activity to garbage collection is 24 minutes.
0
Dave BaldwinFixer of ProblemsCommented:
Yes, but you already covered everything else!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.