This topic is locked

sessions moving through network?!?

6/6/2008 10:50:45 PM
PHPRunner General questions
wfcentral author

Well, I showed up at my weekend job to impress the supervision with my new web database.
To simplify the scenario (in order to get to my problem and question)
I made a database that tracks employee reviews. I can assign an "employee review" to a supervisor and they can fill it in online, then assign it to their supervisor.
I went to all the trouble to set up the security so only the person it is "assigned to" can see the review.
It works flawlessly at home and my office. When I came into my weekend job to show it off here's what happened...
I went to "John's" computer and showed him how to log in. I then logged him out and logged myself in as admin. I moved a review into his control and logged out.
When "John" logged back in he COULD NOT see the review in his list page at all.
I decided I would troubleshoot the bug later.
Next, "Paul" wanted to see how the system worked in his office on his computer (same network, different computer). I logged Paul into his account and things looked odd... then I noticed that the words at the top that say "Logged in as Paul" were changing every now and then to say "logged in as John" - during those times when it said "John" he could actually see the reviews that had been assigned to John.
Next, my Boss wanted to see it in his office on his computer (same network again). I logged in as "admin" to set up his account and then logged out. He logged in and the same thing happened... the "logged in" kept changing from "admin" to "Boss" as we went through the pages...
I have to show this to a group of 90 people tomorrow and I can't do this if I can't figure out what is causing this...
HELP
Robert

nix386 6/9/2008

Sounds like a weird permissions problem and I would help if I could, but there needs to be much more information in your post to try and work out what's going wrong. Maybe it's a cookie problem with the internet browser?

Sounds very odd.....
mysql or mssql?
Nick


rperris 8/7/2009

I have the same problem. Using PHP Runner 5.2. Did you find a solution?

rperris 8/8/2009

Nick (if you are still there)
I have this problem, what other information do you need?
My web server is hosted on the web. It users from a Hospital (intranet) use the database (about room booking), they can see other users' details when switching tabs, i.e. person (a) has logged in, then they click to another tab and person (b) appears and then back to person (a). This problem is intermittent.

Person (a) gains person (b) data and security privileges. Pressing F5 will enable the users to change back and forth.
I sort of resolved the issue by loading a now() date after php, i.e. ..list.php?26:08:1977, to make each page unique. This is OK until a user removes the date and the security is breached. I have also told the server not to cache the pages.
Please help, someone


rperris 8/8/2009

I think I have this resolved. I have added a .htaccess file with

<FilesMatch "\.(html|htm|js|css)$">
FileETag None
<IfModule mod_headers.c>
Header unset ETag
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"
</IfModule>
</FilesMatch>

For more info visit

http://www.askapache.com/htaccess/using-ht...g-with-htaccess
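
Added example, not part of the original posts and not PHPRunner code: a Python sketch that applies the `<FilesMatch>` block above to constructed sample URLs and checks, with a simplified form of the RFC 9111 storage rule, whether a shared cache such as a site proxy would still be allowed to store each response. The file names and sample headers are assumptions made for illustration.

```python
import re

# Pattern copied from the <FilesMatch> line in the post above.
FILESMATCH = re.compile(r"\.(html|htm|js|css)$")

# Headers the posted block sets on files that match the pattern.
BLOCK_HEADERS = {
    "Cache-Control": "max-age=0, no-cache, no-store, must-revalidate",
    "Pragma": "no-cache",
    "Expires": "Wed, 11 Jan 1984 05:00:00 GMT",
}

def apply_block(url_path, headers):
    """Return the response headers after the posted .htaccess block is applied."""
    filename = url_path.split("?", 1)[0].rsplit("/", 1)[-1]
    out = dict(headers)
    if FILESMATCH.search(filename):
        out.pop("ETag", None)      # Header unset ETag
        out.update(BLOCK_HEADERS)  # Header set ...
    return out

def cache_directives(headers):
    """Parse Cache-Control into a {directive: value-or-None} dict."""
    result = {}
    for part in headers.get("Cache-Control", "").split(","):
        name, _, value = part.strip().partition("=")
        if name:
            result[name.lower()] = value.strip('"') or None
    return result

def shared_cache_may_store(headers):
    """Simplified rule: a shared cache must not store no-store or private responses."""
    directives = cache_directives(headers)
    return not ("no-store" in directives or "private" in directives)

# Constructed samples: a per-user list page and a static stylesheet, both as
# they would look if the application sent no cache headers of its own.
SAMPLES = {
    "/reviews_list.php?page=2": {"Content-Type": "text/html"},
    "/include/style.css": {"Content-Type": "text/css", "ETag": '"abc"'},
}

def audit(samples=SAMPLES):
    """Map each URL to True if a shared cache is still allowed to store it."""
    return {url: shared_cache_may_store(apply_block(url, h))
            for url, h in samples.items()}

if __name__ == "__main__":
    for url, storable in audit().items():
        print(f"{url}: shared cache may store = {storable}")
```

Requests for `.php` pages fall outside the pattern, so the cache headers on those responses are whatever the application itself sends.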

salus1 DevClub member 8/12/2009

I've been following this topic with interest and was hoping for a recommendation from someone at Xlinesoft. The .htaccess file approach is OK but has performance drawbacks in complex sites. Is the .htaccess file a security necessity or is there a PHPRunner security configuration that can be avoided to alleviate this problem?

Thanks for any assistance you can provide.