I have a web app, which I’m testing now. For some reason I can’t get the sessions to work properly. They work fine on my local site, though.
Here’s the problem. For some reason PHP issues the same session_id value for different users whenever they access the website. And yes, I’m deleting the cookies before testing, so that’s not where the problem lies.
This causes user 1 to be logged in as user 2 without entering a username/password combination. I use a session cookie along with other cookie values for persistent login. I don’t know why it happens, but it’s all because the two users share the same session cookie value.
I noticed that the session_id is the same when the time difference between accessing the site is small (about 10-20 seconds). With more than 20 seconds, users received different session_id values (which is a good thing).
I really tried all possible scenarios:
– two different computers, same browsers
– two different computers, different browsers
– one computer, different browsers
In total, I used three different computers and three different browsers, but to no avail.
I use the standard session_id() algorithm, I didn’t really change anything, everything is pretty standard.
Edit:
(added code)
    session_start();

    // Run the persistent-login check once per session
    if (!isset($_SESSION['login_check']) || $_SESSION['login_check'] == 0) {
        $_SESSION['login_check'] = 1;

        if (isset($_COOKIE['user_id']) && isset($_COOKIE['session_id'])) {
            // find_user() is defined elsewhere in the app
            $user = find_user($_COOKIE['user_id']);

            if ($user->sid == $_COOKIE['session_id']) {
                // extending the cookies
                setcookie('user_id', $user->id, time() + 3600*24*14, "/", null, null, true);
                setcookie('session_id', uniqid(rand(), true), time() + 3600*24*14, "/", null, null, true);
            }
        }
    }
I don’t call session_id() anywhere in my code.
Answer
I don’t know if it’s right, but you could try to use sessions on MySQL.
Maybe it can help you: http://www.devshed.com/c/a/mysql/custom-session-management-using-php-and-mysql/