Problems with $_SESSION (i think)


I built a website for family and co-workers for my personal dvd-collection. So everyone can rate the movies on it.

Therefore I used a login script with a simple login/password (encrypted and stored in MySQL) and a cookie.

When everyone uses their computer at home there are no problems at all, but at the office we use a central server. So when we arrive at the office we logon at a central server via a Chip-PC.

The strangest thing happens when using my personal website. When someone at the office just went to my site and then I go to my site then I see that other user’s name in my screen, but when I refresh the page my own name appears again. This is a huge problem because also some “private” info can be seen from other people.

I then integrated a option, however this not always works plus it kinda is annoying for the page to refresh every time you go to it.

So I suspect this is a problem with the use of $_SESSION or something like that.

Hope you guys can help me out a bit.

If you need more info, please let me know.

Kind regards,

After some further investigation I think the problem is, it won’t delete the COOKIE when logging out.

This is my logout.php :

<?php session_start(); $_SESSION = array(); session_destroy(); if(isset($_COOKIE['user_id'])) { setcookie("user_id", "", time()-3600, "/"); setcookie("user_pass", "", time()-3600, "/"); } ?>

Now I added some echo’s to it, to be able to read the content after using logout.php:

echo “cookie user: “.$_COOKIE[‘user_id’].”
echo “cookie pass: “.$_COOKIE[‘user_pass’].”
echo “session user: “.$_SESSION[‘user_id’].”
echo “session name: “.$_SESSION[‘user_name’].”

This is the result of my home pc:
cookie user:
cookie pass:
session user:
session name:

Which is what it should be…

However when I do the same thing at work, the result is this:
cookie user: 1
cookie pass: c4661312…
session user:
session name:

It indeed kills the session, however it won’t delete (expire) the cookie.

I can’t understand it… :’(

Kind regards,

I have deleted the cookies in IE at work. And now logging in an loggin out works like it should…
Also i added a variable to the .php-file, so it reads user.php?session_id=1, so now the body onload = autoload works also like it should.

Not the perfect solution…but it works :smiley:

Sponsor our Newsletter | Privacy Policy | Terms of Service