RE: [PHPLIB] Warning - Same session in two browsers?
From: Samuel Liddicott (sam <email protected>)
Date: 12/10/99

> -----Original Message-----
> From: Simon Sadler [mailto:simon.sadler <email protected>]
> Sent: 09 December 1999 21:40
> To: Samuel Liddicott
> Cc: phplib <email protected>
> Subject: Re: [PHPLIB] Warning - Same session in two browsers?
>
>
> Sam,
>
> Apologies for the late reply.
>
> > > Does this make persistent (registered) variables useless?
> >
> > It just introduces the problems you mention.
>
> To re-cap. Two browsers (or more) sharing the same session will cause
> inconsistencies with changing persistent (registered) variables. Is there
> any solution? If not, then surely we should all stop using registered
> variables that change. I'm not being sensational but I am concerned.

The problem of 2 sessions also shows the need for session locking as two
sessions making simultaneous requests may both update the session store at
the same time.

One cure is to change the session number randomly each request. When a
session splits - AFTER the first submission there will then be two sessions.
Part of the session number will be the session number as we know it, the
changing part will be some kind of serial ID used to detect when sessions
split. But are per-window sessions really a solution? If each window went
to the same page there would be two different sets of defaults perhaps!
Safer, but confusing!

Oh - and if a new-style session ID is submitted twice it could presume the
second one represents a split and treat it as if it did have a different
serial ID, and so there may then be no danger at all in splitting a session.
This would also result in a session split if "back" and then another forward
were clicked and could result in a multitude of stale sessions.

Anyone have ideas as to what to do with this?

Sam

-
PHP3 Base Library Mailing List. Send messages to <phplib <email protected>>.
To unsubscribe, send "unsubscribe" to <phplib-request <email protected>> in
the body, not the subject, of your message.
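
An added sketch, not part of the original message and not PHPLIB code, of the scheme discussed above: a token made of a fixed session part plus a serial that changes on every request, an exclusive lock around each update, and a fork into a new session when an already-used serial is submitted again. The class name, the token format and the file layout are assumptions, and it needs PHP 8.

```php
<?php
// Added illustration, not PHPLIB code. Token = "<base>.<serial>"; class name,
// token format and file layout are assumptions made for this sketch.
final class SplitAwareStore
{
    public function __construct(private string $dir) {}
    public function create(array $vars = []): string
    {
        $base = bin2hex(random_bytes(16));
        $serial = bin2hex(random_bytes(8));
        $state = json_encode(['serial' => $serial, 'vars' => $vars]);
        file_put_contents("{$this->dir}/sess_$base.json", $state, LOCK_EX);
        return "$base.$serial";
    }
    /** Run $update on the session variables; returns [next token, variables]. */
    public function request(string $token, callable $update): array
    {
        // Strict hex pattern: the base is used in a file name, so reject anything else.
        $ok = preg_match('/^([0-9a-f]{32})\.([0-9a-f]{16})$/', $token, $m);
        $fh = $ok ? @fopen("{$this->dir}/sess_{$m[1]}.json", 'r+') : false;
        if ($fh === false) {
            throw new RuntimeException('unknown or malformed session token');
        }
        flock($fh, LOCK_EX); // simultaneous requests on one session now take turns
        try {
            $state = json_decode(stream_get_contents($fh), true);
            $vars = $update($state['vars']);
            if (!hash_equals($state['serial'], $m[2])) {
                // Stale serial: a second window, or "back" and resubmit. Fork a
                // new session from the stored variables; the original is untouched.
                return [$this->create($vars), $vars];
            }
            $serial = bin2hex(random_bytes(8)); // rotate on every request
            ftruncate($fh, 0);
            rewind($fh);
            fwrite($fh, json_encode(['serial' => $serial, 'vars' => $vars]));
            return ["{$m[1]}.$serial", $vars];
        } finally {
            fclose($fh); // closing the handle also releases the lock
        }
    }
}

// Constructed demo: two windows both submit the token they were first given.
$store = new SplitAwareStore(sys_get_temp_dir());
$t0 = $store->create(['count' => 0]);
$bump = fn(array $v) => ['count' => $v['count'] + 1];
[$a, $va] = $store->request($t0, $bump); // window A: serial matches, rotated
[$b, $vb] = $store->request($t0, $bump); // window B: stale serial, forked
echo strtok($a, '.') === strtok($b, '.') ? "shared\n" : "split\n";
```

In this sketch the fork starts from the variables as currently stored, not as the stale window last saw them, and nothing expires the forked sessions that "back" and resubmit leave behind.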