When browsing page receives unexpected value of $_SESSION

Asked

Viewed 145 times

-1

I have a page with Dynamic Menu accessing the user permissions page, this working fine except that the value of SESSION regardless of which user it is, it always passes the field content of the last read record and not the page actually to be accessed.

Example:

MENU PAGE - ( Starting the session )

session_start();
if((!isset ($_SESSION['login']) == true) and (!isset ($_SESSION['senha']) == true) and (!isset ($_SESSION['nome']) == true))
{
    unset($_SESSION['login']);
    unset($_SESSION['senha']);
    unset($_SESSION['nome']);  
    header('location:index.php');
    }   

    $login    = $_SESSION['login'];
    $senha    = $_SESSION['senha'];
    $nome     = $_SESSION['nome'];
    $operacao = $_SESSION['per_operacao'];    

Still on the page MENU ( Assembling the menu from a table, accessing the referred Page (User) and passing the data ( operations ) .

   <li><a href="MenuPrincipal.php"><?php echo $lSub['mod_descricao'];?></a>   
                <ul class="submenu-2">   
           <?php   
                $seleciona_rotina = pg_query("SELECT * FROM Menu_rotina WHERE id_modulo = '$idmod'"); 

            if(pg_num_rows($seleciona_rotina) == 0) { 
                } else {   
                while($sSub = pg_fetch_array($seleciona_rotina)){
                  $_SESSION['per_operacao']=$sSub['per_operacao'];
                   echo($_SESSION['per_operacao']);     // ( conteúdo: 1.2.3.4.5 )
            ?> 
            <li>   <a href="<?php echo $sSub['per_pagina']?>"><?php echo $sSub['gpo_descricao'];?></a>    
                   <?php }?>
    </li>
   <?php }?>
</ul>
   <?php }?>
   </li> 

So far so good, points out the chosen menu with its respective permissions ( Routines that the user would have access ) , and the field per_operações = 1.2.3.4.5., ( so far this great) .

USER PAGE: ( Access the page and starting the session )

<?php

     session_start(); // sempre que usarmos as sessions devemos chamar esse codigo sempre no inicio do script
     if(isset($_SESSION['per_operacao'])){// verifica se existe a varavel session
     $operacao['per_operacao']=$_SESSION['per_operacao']; // passa o valor da variavel session para outra variavel so que uma variavel dentro do mesmo arquivo
     $operacao=$_SESSION['per_operacao']; // passa o valor da variavel session par a outra variavel so que uma variavel dentro do mesmo arquivo
     echo($_SESSION['per_operacao']);   //  ( conteúdo: 0.0.1.0.1 )
     }else{
     echo("vc não passou pelo arquivo anterior" );
}

 ?>

The following occurs: here he should show me the contents of the field per_operação same as the one passed by the "main menu" page, and I’ve detected that regardless of how many records you have in the table permissao, is being treated correctly in Menuprinciapl.PHP, but is always passing the contents of the last record to the Usuario.php.

I hope I have been clear, for the little understanding I have, but I thank you for your attention and congratulations on the help that has been given to many colleagues and also to me.

  • 3

    Not related to the question, but you don’t need to !isset ($_SESSION['login']) == true. isset already returns true or false, then just use if( !isset ( $_SESSION['login'] ) and ... and the others ! isset

  • 2

    There are more problems: where is the "die" or "Exit" after Location? The code keeps running, even after redirect, if you don’t have Exit or die (it can be used intentionally, but it’s risky). Another thing: if none of the variables is set, which is the IF test, what’s the point of giving unset? Unless you’re going to use OR instead of AND. Then, if one is empty, "unseta" the rest.

1 answer

0

To better understand what’s going on, you need to understand how the sessions work in php.

In short, when a user accesses your site, they gain a unique identifier (the session id) that is saved in a cookie. When you call the function session_start, php tries to open a file (using session id as identifier) containing variables to fill the array $_SESSION and if no file is found, it creates a new one. At the end of the script, php saves all variables in the array $_SESSION in this file.

Because cookies are shared between tabs, the user will only have a session id, that is, php will use the same session file for the user, regardless of which tab he is in. This is where your problem arises, because php will overwrite all the information that is in the session file by the new ones.

A solution to your problem would be to use page identifiers, for example:

$_SESSION['permissoes']['home'] = ...;
$_SESSION['permissoes']['usuario'] = ...;

But beware of the amount of information you store. Many users online at the same time containing each one a giant session is not a good idea.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.