
-----------------------------------
Blade
Tue Jul 27, 2004 2:43 am

sessions
-----------------------------------
sometimes when navigating through my site, i will end up logged in as a different user, what could be causing this? i have my index page, and it just includes other pages, so i only need to start my session on the index... it doesn't destroy the session when the browser is closed, thats the only reason i can think of

-----------------------------------
Amailer
Tue Jul 27, 2004 9:20 am


-----------------------------------
That only happned to me when a friend of mine, he used the same session names for two sites hosted off the same server.. I could log on with 1 username on 1 site, and I would be auto logged on, on the other with a username that doesn't exist on the other site :S

-----------------------------------
Blade
Tue Jul 27, 2004 11:03 am


-----------------------------------
well, i don' t really think its that because i end up with different registered variables of someone else who i know is logged in at the same time as me. there were 3 of us testing it, and me and my buddy were gettin logged in as the other person.. is there any way i can keep track of their phpsessid then start the session with that id? because php sessions seem to be really flimbsy and unreliable

-----------------------------------
Lang
Fri Oct 08, 2004 11:39 am


-----------------------------------
Well, if you ahven't changed the default variable that holds the session id then do this.

Create a session id place in your users table.

Then when someone logs in, it inserts their session id. Then to get information from the certain user that's logged in do this:



That will select the username from the person that ahs the current session id.

I hope this helps.

-----------------------------------
JHanson90
Sat Oct 09, 2004 9:17 pm


-----------------------------------
That only happned to me when a friend of mine, he used the same session names for two sites hosted off the same server.. I could log on with 1 username on 1 site, and I would be auto logged on, on the other with a username that doesn't exist on the other site :S

Yeah I decided not to ever use anything like that again... I've got so many security flaws on my sites made in PHP.... 



And for the first post, you might consider using a different method than including files into the index.  It's been found to be better to use other methods, plus it's iNsEcUrE.  I'm implementing a different, safer method in the web database application I'm writing (was writing, since my HD is like no more).  And then, just to make it even more fun, I was going to translate the site into Perl and Ruby :)

-----------------------------------
Blade
Sat Oct 16, 2004 11:09 pm


-----------------------------------
lol yeah. i figured out what the problem was... i was using the same variable name in a registered variable and in a variable that i was extracting from a mysql database.. pretty stupid eh? ... i decided it'd be better to put all the registered variables into an array that way i dont have that problem anymore..