I'm using session_set_save_handler to save the session to MySQL, but an error has been troubling me.
When I log in to IE with a user, then close the browser without logging out and log in to Chrome, I am already logged in with the IE user. That is, it is automatically logging in with another user's session.
Here is my function:
<?php
GLOBAL $mysqli_link;

function _open($save_path, $session_name) {
    return true;
}

function _close() {
    return true;
}

function _read($id) {
    GLOBAL $mysqli_link;
    $id = hash('sha512', $id);
    $stmt = $mysqli_link->prepare("SELECT data FROM session WHERE id = ? limit 1");
    // 'i' binds the hex digest as an integer: this is the bug identified in the comments below
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $result = $stmt->get_result();
    $num = $result->num_rows;
    if ($num > 0) {
        $record = $result->fetch_assoc();
        return $record['data'];
    }
    else {
        return '';
    }
}

function _write($id, $data) {
    GLOBAL $mysqli_link;
    //echo session_id();
    $id = hash('sha512', $id);
    $access = time();
    if ($data != "") {
        $stmt = $mysqli_link->prepare("REPLACE INTO session VALUES (?,?,?)");
        $stmt->bind_param('sss', $id, $access, $data);
        $stmt->execute();
    }
    return true;
}

function _destroy($id) {
    GLOBAL $mysqli_link;
    $id = hash('sha512', $id);
    $stmt = $mysqli_link->prepare("DELETE FROM session WHERE id = ?");
    // the id is a hex string, so it is bound as 's'
    $stmt->bind_param('s', $id);
    $stmt->execute();
    return true;
}

function _clean($max) {
    GLOBAL $mysqli_link;
    $CurrentTime = time();
    //$old = time() - $max;
    //$stmt = $mysqli_link->prepare("DELETE FROM session WHERE access < ?");
    $stmt = $mysqli_link->prepare("DELETE FROM session WHERE access + ? < ?");
    $stmt->bind_param('ss', $max, $CurrentTime);
    $stmt->execute();
    return true;
}

session_set_save_handler('_open', '_close', '_read', '_write', '_destroy', '_clean');
register_shutdown_function('session_write_close');
?>
----------------------------------------> EDITED
On the index.php page I have this:

session_start();
if (isset($_SESSION["user"])) {
    $user = $_SESSION["user"];
    header("Location:welcome.php");
    die();
}

The intention here is to check whether the person is logged in and, if so, send them to the Welcome.php page.
In Welcome I have this to check that the user is really logged in before continuing on the page:

session_start();
if (empty($_SESSION["id"]) || empty($_SESSION["user"]))
{
    header("Location:login.php");
    die();
}
Good evening, your code only shows a part; if there is a logic flaw, it is probably where you call session_start and the other functions starting with session_. If you can post that, it may be possible to detect the problem. – Guilherme Nascimento
Hello @Guilhermenascimento! I edited the code to add the session part. Am I doing something wrong there? – Gabriela Dias
Then the session_start is correct. Tell me one thing: what do $save_path and $session_name return in function _open($save_path, $session_name) { ? On both browsers? I'll try to reproduce the code, but I'm not sure. – Guilherme Nascimento
Thank you @Guilhermenascimento! Today I ended up discovering the error: it was simply the "i" in the bind_param of the SELECT in the _read function. The session passes a variable with letters and numbers. With the "i" instead of the "s", it transformed the string into a number and was taking data from another session... Anyway, a whole mess because of an "i" instead of an "s". Thank you so much for your help again!!! – Gabriela Dias
What was the intention here? DELETE FROM session WHERE access + ? < ? – Bacco
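The "i" versus "s" bug identified in Gabriela Dias's comment above, reproduced without a database as an added example (not code from the original post): it counts how many lookups fail to return the caller's own row when the SHA-512 hex digest is bound as an integer, next to the same lookup with a string bind. The function names, the constructed session ids and the two coercion rules stated in the comments are assumptions.

```php
<?php
// Added example, not code from the original post. No database needed.
// Assumption: bind_param('i', ...) converts the string with PHP integer-cast rules.
// Assumption: MySQL compares a string column to an integer numerically,
// using the numeric prefix of the stored string (no prefix means 0).

// Rows as stored by _write(), which binds the hashed id with 's'.
function build_table(array $sessionIds): array {
    $rows = [];
    foreach ($sessionIds as $user => $sid) {
        $rows[] = ['id' => hash('sha512', $sid), 'data' => "user=$user"];
    }
    return $rows;
}

// _read() as posted: the hex digest is bound as an integer.
function read_int_bind(array $rows, string $sid): ?string {
    $param = (int) hash('sha512', $sid);      // e.g. a digest starting "c0ffee..." becomes 0
    foreach ($rows as $row) {                 // WHERE id = ? LIMIT 1
        if ((float) $row['id'] == $param) {
            return $row['data'];
        }
    }
    return null;
}

// _read() with 's': the full 128-character digest has to match.
function read_string_bind(array $rows, string $sid): ?string {
    $param = hash('sha512', $sid);
    foreach ($rows as $row) {
        if (hash_equals($row['id'], $param)) {
            return $row['data'];
        }
    }
    return null;
}

// Constructed sample: 40 users, each with a distinct session id.
$sessionIds = [];
for ($n = 1; $n <= 40; $n++) {
    $sessionIds["user$n"] = "constructed-session-id-$n";
}
$rows = build_table($sessionIds);

$wrongInt = $wrongStr = 0;
foreach ($sessionIds as $user => $sid) {
    if (read_int_bind($rows, $sid) !== "user=$user") $wrongInt++;
    if (read_string_bind($rows, $sid) !== "user=$user") $wrongStr++;
}
echo "lookups not returning the caller's own row with 'i': $wrongInt of 40\n";
echo "lookups not returning the caller's own row with 's': $wrongStr of 40\n";
```

Every digest that begins with a letter a to f collapses to the same integer 0, so roughly six in sixteen sessions become interchangeable under the integer bind.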