Hey Webmasters,
I'm struggling with a rather large and powerful issue. Let me give you a basic run over of the program:
As you can see, this page adds a logout link based on what your session's username is.
PHP Code:
<?php
session_start();
// Escape the username before echoing it into HTML.
$Username = htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8');
echo "<a href='?logout=True'>Logout($Username)</a>";
?>
Here's where the problem starts: the session (username) is logged when the user logs in. Something like this:
PHP Code:
<?php
session_start();
$_SESSION['username'] = $_POST['Post_Username'];
// Redirect after storing the username, then stop the script.
header('Location: someotherpage.php');
exit;
?>
So, while testing my page out, I accessed my page on my computer, logged in and saw that the log out link looked like this:
Which is exactly what I wanted. However, when I logged in on my phone or any other computer as "bob", I would then refresh my computer to see that the link had been changed from (Matt) to (Bob).
The username session "Matt" and "Bob" had been crossed over!
As you can see, this can cause a major problem when the session has to do with whether or not the person has admin access.
What is happening? Why is my session getting swapped with another user logged on at the same time?
Is this a php.ini problem? Did I miss some code when setting the sessions?
Last edited by MattGoucher; 02-27-2010 at 11:04 PM..