cookie or session, not sure which, logged out user can still see certain things

Because I am taking over for an ex-employee, I am tasked with finding out why a visitor whose logged-in session times out 24 hours after inactivity can still see certain things that they should only be able to see when logged in, like special pricing. It was originally designed this way, because the boss wanted government customers who have logged in at some point to always be able to see their government pricing, whether they were currently logged in or not. Now, that decision has been reversed, and we only want them to see their government pricing if their current logged-in session is valid.

We use Symfony2 on Unix / Apache, if that matters.

I have no idea if it's a cookie, a session, or whatever else.

I know we utilize both, but I don't know if the answer lies in either place.
Bobby Asked:
David Favor, Linux/LXD/WordPress/Hosting Savant, Commented:
Custom code means you must either ask the ex-employee + hope they will explain their code...

Or... dig into their code + understand it...

The only way to understand custom code... is to understand the code...

Anyone can guess + go to the code for the real answer.
0

Scott Fell, EE MVE, Developer & EE Moderator, Commented:
Bobby, can you see where the session files are stored? That may help. You can also post your login code and a sample page where you are testing that somebody is logged in and they still see data. Please make sure to obfuscate anything personal like keys or data used for creating hashes.

If you need to, you can also engage one of us on a live session, https://www.experts-exchange.com/live/ but try and post some code first and let's see where that goes.
0
Dave Baldwin, Fixer of Problems, Commented:
'cookies' are stored on the user's computer in their browser.  Users can view their own cookies any time they want.

'sessions' are stored on the server.  'cookies' can be used to retrieve session data under some circumstances.

Details are important.  I can think of several ways to do what you are talking about.  You will have to dig into that code enough to find out what method is being used.
1
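An added example, not part of the original thread and not the site's code: one way the behavior in the question can arise, assuming a long-lived cookie flag decides pricing, shown next to a check tied to a live server-side session with the 24-hour idle limit. The cookie names, session store and functions are hypothetical, and this is plain PHP 7+ rather than Symfony2's session API.

```php
<?php
// Added illustration; every name here is hypothetical, not from the site's code.
const IDLE_LIMIT = 86400; // 24 hours of inactivity, as described in the question

// Constructed server-side session store: session id => record.
$sessionStore = [
    'sid-active'  => ['user' => 'alice', 'gov' => true, 'last_seen' => 1700000000 - 3600],
    'sid-expired' => ['user' => 'bob',   'gov' => true, 'last_seen' => 1700000000 - 90000],
];

// Weak pattern: a long-lived cookie held in the browser decides pricing on its
// own, so it keeps working after the server-side session has timed out.
function showGovPricingWeak(array $cookies): bool
{
    return ($cookies['gov_customer'] ?? '') === '1';
}

// Corrected pattern: pricing depends on a session the server still considers live.
function showGovPricingStrict(array $cookies, array &$store, int $now): bool
{
    $sid = $cookies['session_id'] ?? null;
    if (!is_string($sid) || !isset($store[$sid])) {
        return false; // no session cookie, or an id the server does not know
    }
    if ($now - $store[$sid]['last_seen'] > IDLE_LIMIT) {
        unset($store[$sid]); // idle too long: destroy the server-side state
        return false;
    }
    $store[$sid]['last_seen'] = $now; // sliding idle timeout
    return $store[$sid]['gov'] === true;
}

$now = 1700000000; // constructed "current time"
$requests = [ // constructed request cookies
    'active session'         => ['session_id' => 'sid-active',  'gov_customer' => '1'],
    'timed-out session'      => ['session_id' => 'sid-expired', 'gov_customer' => '1'],
    'no session, old cookie' => ['gov_customer' => '1'],
];
foreach ($requests as $label => $cookies) {
    printf("%-24s weak=%s strict=%s\n", $label,
        var_export(showGovPricingWeak($cookies), true),
        var_export(showGovPricingStrict($cookies, $sessionStore, $now), true));
}
```

When auditing the real code base, look for any pricing or role decision that reads a cookie or other browser-held value directly instead of going through the authenticated session.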
Bobby, Author, Commented:
Thanks all. I had to ask the ex-employee... it was too convoluted to figure out without SOME roadmap.
1