cookie or session, not sure which, logged out user can still see certain things

Bobby used Ask the Experts™
Because I am taking over for an ex-employee, I am tasked with finding out why a visitor whose logged-in session times out 24 hours after inactivity can still see certain things that they should only be able to see when logged in, like special pricing. It was originally designed this way, because the boss wanted government customers who have logged in at some point to always be able to see their government pricing, whether they were currently logged in or not. Now, that decision has been reversed, and we only want them to see their government pricing if their current logged-in session is valid.

We use Symfony2 on Unix / Apache, if that matters.

I have no idea if it's a cookie, a session, or whatever else.

I know we utilize both, but I don't know if the answer lies in either place.
Fractional CTO
Distinguished Expert 2018
Custom code means you must either ask the ex-employee + hope they will explain their code...

Or... dig into their code + understand it...

The only way to understand custom code... is to understand the code...

Anyone can guess + go to the code for the real answer.
Scott Fell, Developer & EE Moderator
Fellow 2018
Most Valuable Expert 2013

Bobby, can you see where the session files are stored? That may help. You can also post your login code and a sample page where you are testing that somebody is logged in and they still see data. Please make sure to obfuscate anything personal like keys or data used for creating hashes.

If you need to, you can also engage one of us on a live session, but try and post some code first and let's see where that goes.
Dave Baldwin, Fixer of Problems
Most Valuable Expert 2014

'cookies' are stored on the user's computer in their browser.  Users can view their own cookies any time they want.

'sessions' are stored on the server.  'cookies' can be used to retrieve session data under some circumstances.

Details are important.  I can think of several ways to do what you are talking about.  You will have to dig into that code enough to find out what method is being used.
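An added example, not part of any post in this thread and not the site's actual code: the thread never establishes which mechanism is in use, so this assumes one common pattern, a long-lived marker cookie set at login, and contrasts it with a check against server-side session state. The cookie names, the role name and the session store layout are hypothetical.

```php
<?php
// Added example: gov_customer, SESSID, ROLE_GOV and the store layout are hypothetical.
const IDLE_TIMEOUT = 86400; // 24 hours, the inactivity limit mentioned in the question

// Weak gate: trusts a long-lived browser cookie set at some past login.
// It never consults the server, so it stays true after the session has expired.
function showsGovPricingWeak(array $cookies): bool
{
    return ($cookies['gov_customer'] ?? '') === '1';
}

// Corrected gate: the cookie only carries a session id; the decision comes
// from server-side state that is checked for freshness on every request.
function showsGovPricingStrict(array $cookies, array &$sessionStore, int $now): bool
{
    $sid = $cookies['SESSID'] ?? null;
    if (!is_string($sid) || !isset($sessionStore[$sid])) {
        return false;                        // no session, or already destroyed
    }
    $session = $sessionStore[$sid];
    if ($now - $session['last_used'] > IDLE_TIMEOUT) {
        unset($sessionStore[$sid]);          // expire on the server, not just in the browser
        return false;
    }
    if (!in_array('ROLE_GOV', $session['roles'], true)) {
        return false;                        // logged in, but not a government customer
    }
    $sessionStore[$sid]['last_used'] = $now; // activity resets the idle clock
    return true;
}

// Constructed sample data: one government customer whose last activity was at t = 0.
$store   = ['abc123' => ['roles' => ['ROLE_GOV'], 'last_used' => 0]];
$cookies = ['SESSID' => 'abc123', 'gov_customer' => '1'];

// First request one hour in, second request more than 24 hours after the first.
foreach ([3600, 100000] as $now) {
    printf(
        "t=%6d weak=%s strict=%s\n",
        $now,
        var_export(showsGovPricingWeak($cookies), true),
        var_export(showsGovPricingStrict($cookies, $store, $now), true)
    );
}
```

When auditing the real code base, the equivalent question for each pricing check is whether it reads a value the browser holds or one the server can expire.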


Thanks all. I had to ask the ex-employee... it was too convoluted to figure out without SOME roadmap.
