|
|
Posted by Vince Morgan on 04/26/07 01:33
"Jonno" <jonattree@gnosis-consultancy.co.uk> wrote in message
news:1177501291.323146.24910@s33g2000prh.googlegroups.com...
> Hi
>
> I am having a problem with session vars being propagated between pages
> on this site:
> http://www.meettheancestors.com/sessiontest/index.php
> If you enter any user id and password and click Log In (no actual
> validation is performed), and then move around the other pages and/or
> keep refreshing the pages it will eventually display something that is
> incorrect i.e. saying your logged in when you aren't or vice versa.
> The exact same code here http://ccgi.gnosis.free-online.co.uk/index.php
> works fine implying a problem with the first PHP installation.
> Here is the code for the 3 files:
> =========== index.php =============
I only used *one* browser, and only one browser instance, .
I'll describe exactly what I did for the sake of the OP's cred. I open IE6
by clicking the first link. I enter a user name of "vincent" and some
gobblygook password containing non numeric chars. After clicking the
"Login" button a page opens with "Homepage" at the top, which shows as being
the same url, and "You are now logged in" on the line below. Below that
there is a link "Back to main page" which I then click. I get the login
page again, and a line below "Homepage" says "You are not logged in". I
then click the "Login" button again without entering anything into the
inputs. I now get the "Homepage" and the line below reads, "You are logged
in as: vincent". I then click the "Members area" link at the bottom and the
page and [http://www.meettheancestors.com/sessiontest/members_only.php]
opens with "Members only" at the top, and "You are logged in as vincent"
below that.
Now it gets more interesting. I click the back button and get "You are
logged in as ". I click back and forth between pages and it shows me as
either a blank user name, or "vincent". Clicking the links at the bottom of
the page and thereby going back and forth beween pages, seems to randomly
cycle me through both user names.
If I click the "Logout" button, I get another page
[http://www.meettheancestors.com/sessiontest/logout.php] "You were not
logged in, and so have not been logged out." appears. If I click back
buttons, or the links themselves, whatever, it cycles me through either
username, and when I log out it doesn't always actualy log out some times.
Hitting the members area link after logging out sometimes takes me to that
page with either of the two usernames, and sometimes not.
H o w e v e r, the second link the OP gives does not do #any# of this weird
stuff. It just works as one would expect it to. The pages look identical,
and according to the OP they are the same code.
This looks very similar to what a previous poster described on 18/04/07 in
this forum.
There is quite apparently a serious issue here IMHO.
Vince Morgan
Navigation:
[Reply to this message]
|